CVE-2024-43416

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.

Related Vulnerabilities

CVE-2007-3650

MEDIUM
CVSS:5.3(Medium)

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (...

CWE-2002007

CVE-2007-3651

MEDIUM
CVSS:5.3(Medium)

class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation...

CWE-2002007

CVE-2010-3673

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.

CWE-2002010

CVE-2011-0736

MEDIUM
CVSS:5.3(Medium)

Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=...

CWE-2002011

CVE-2011-0737

MEDIUM
CVSS:5.3(Medium)

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the ven...

CWE-2002011

CVE-2011-4538

MEDIUM
CVSS:5.3(Medium)

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

CWE-2002011