Description

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-18 | Updated 2025-12-18 | Assigner VulnCheck




MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

Observable Discrepancy

Product status

9.5.7: affected

Credits

Rafael B. (finder)

References

www.exploit-db.com/exploits/51418 (ExploitDB-51418) exploit

glpi-project.org/pt-br/ (Official Product Homepage) product

www.vulncheck.com/...ulnerability-via-lost-password-endpoint (VulnCheck Advisory: GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint) third-party-advisory

cve.org (CVE-2023-53943)

nvd.nist.gov (CVE-2023-53943)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.