CVE-2011-2720

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

Date published : 2011-08-05

http://www.securityfocus.com/bid/48884

http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en