MDVSA-2012:014 -- Mandriva glpiID: oval:org.secpod.oval:def:1300023 | Date: (C)2013-04-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
A vulnerability has been found and corrected in GLPI: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request . This advisory provides the latest version of GLPI which are not vulnerable to this issue. Additionally the latest versions of the corresponding plugins are also being provided.
Platform: |
Mandriva Enterprise Server 5.2 |