CNNVD-202512-3377 Information
CNNVD ID
CNNVD-202512-3377
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
GLPI是GLPI开源的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI 9.5.7版本存在安全漏洞,该漏洞源于用户名枚举漏洞,可能导致验证电子邮件地址。
Description (English)
GLPI is an open-source IT and asset management software for GLPI. The software provides a fully functional IT resource management interface, which you can use to create a database that fully manages IT computers, monitors, servers, printers, network equipment, telephones, even selenium drums and cartridges. There is a security gap in version 9.5.7 of the GLPI, which arises from a user-name gap that may lead to the authentication of e-mail addresses.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GLPI
Published
2025-12-18
Last Modified
2026-02-24
References
https://glpi-project.org/pt-br/ https://www.exploit-db.com/exploits/51418 https://www.vulncheck.com/advisories/glpi-username-enumeration-vulnerability-via-lost-password-endpoint
Patch
https://www.glpi-project.org/en/downloads/
Share on: