CVE-2025-21626 in GLPIinfo

Zusammenfassung (Englisch)

GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

GitHub_M

Reservieren

29.12.2024

Veröffentlichung

25.02.2025

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
296811GLPI status.php Information Disclosure200Nicht definiertOffizieller FixCVE-2025-21626

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!