CVE-2023-53943

Sažetak

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.

Reference

https://glpi-project.org/pt-br/
https://www.exploit-db.com/exploits/51418
https://www.vulncheck.com/advisories/glpi-username-enumeration-vulnerability-via-lost-password-endpoint
https://www.exploit-db.com/exploits/51418

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

19-12-2025 - 18:00

Objavljeno

18-12-2025 - 20:15