CVE-2016-7507 — Cross-Site Request Forgery in Glpi

CWE-352 — Cross-Site Request Forgery4 documents3 sources

Severity

8.0HIGHNVD

EPSS

0.2%

top 56.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedJul 19

Latest updateMay 17

Description

Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

▶NVDglpi-project/glpi0.90.4

🔴Vulnerability Details

GHSA

GHSA-q8q2-v69p-mpm8: Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0↗2022-05-17

▶

💬Community

Bugzilla

CVE-2016-7507 CVE-2016-7509 glpi: Stored XSS and CSRF vulnerabilities [epel-7]↗2017-07-20

▶

Bugzilla

CVE-2016-7507 CVE-2016-7509 glpi: Stored XSS and CSRF vulnerabilities↗2017-07-20

▶