CVE-2012-4002 — Cross-Site Request Forgery in Glpi

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 57.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedOct 9

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDglpi-project/glpi0.83.2+48

🔴Vulnerability Details

GHSA

GHSA-rg9g-x558-44x8: Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0↗2022-05-17

▶

💬Community

Bugzilla

CVE-2012-4002 CVE-2012-4003 glpi: XSS and CSRF flaws fixed in in 0.83.3↗2012-08-09

▶