FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

glpi -- remote attack via crafted POST request

Affected packages
glpi < 0.80.2

Details

VuXML ID 7c769c89-53c2-11e1-8e52-00163e22ef61
Discovery 2011-07-20
Entry 2012-02-10
Modified 2013-06-19

The GLPI project reports:

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

References

CVE Name CVE-2011-2720
URL http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
URL https://forge.indepnet.net/issues/3017