CVE-2021-39209 – GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a use …

15 September 2021

Vuln ID: CVE-2021-39209

Published: 2021-09-15 16:15:07Z

Description: GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.

Source: NVD.NIST.GOV

Date:

15 September 2021

Categorie(s):

NVD

Tag(s):

NVD

Four trends to top the CISO’s packed agenda26 April 2024
Microsoft Publicly Releases MS-DOS 4.0 Source Code26 April 2024
New SSLoad Malware Combined With Tools Hijacking Entire Network Domain26 April 2024
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites26 April 2024
Top 5 MSP Cyberattacks in 2023/202426 April 2024