Phishing through a login page malicious URL
Package
glpi
(glpi)
Affected versions
>= 10.0.8
Patched versions
10.0.10
Description
Credits
-
jocelainesilva Reporter
jocelainesilva
Reporter
Impact
The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page that can be used to attempt a phishing attack on user credentials.
Patches
Upgrade to 10.0.10
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.