CVE-2011-2720

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

Published: Aug 5, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-2720
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
glpi-project / glpi	0.72.4	0.72.4.x
glpi-project / glpi	0.72-rc1	0.72-rc1.x
glpi-project / glpi	0.72.1	0.72.1.x
glpi-project / glpi	0.72.2	0.72.2.x
glpi-project / glpi	0.70-rc2	0.70-rc2.x
glpi-project / glpi	0.70.1	0.70.1.x
glpi-project / glpi	0.6-rc3	0.6-rc3.x
glpi-project / glpi	0.71.5	0.71.5.x
glpi-project / glpi	0.68.2	0.68.2.x
glpi-project / glpi	0.5-rc1	0.5-rc1.x
glpi-project / glpi	0.71.3	0.71.3.x
glpi-project / glpi	0.70	0.70.x
glpi-project / glpi	0.72-rc2	0.72-rc2.x
glpi-project / glpi	0.71	0.71.x
glpi-project / glpi	0.71.1-rc2	0.71.1-rc2.x
glpi-project / glpi	0.72	0.72.x
glpi-project / glpi	0.6-rc2	0.6-rc2.x
glpi-project / glpi	0.70-rc3	0.70-rc3.x
glpi-project / glpi	0.71.1-rc3	0.71.1-rc3.x
glpi-project / glpi	0.78.2	0.78.2.x
glpi-project / glpi	0.68	0.68.x
glpi-project / glpi	0.72-rc3	0.72-rc3.x
glpi-project / glpi	0.5	0.5.x
glpi-project / glpi	-	0.80.1.x
glpi-project / glpi	0.71.2	0.71.2.x
glpi-project / glpi	0.70-rc1	0.70-rc1.x
glpi-project / glpi	0.71.4	0.71.4.x
glpi-project / glpi	0.51	0.51.x
glpi-project / glpi	0.65-rc2	0.65-rc2.x
glpi-project / glpi	0.68.3	0.68.3.x
glpi-project / glpi	0.65-rc1	0.65-rc1.x
glpi-project / glpi	0.78.3	0.78.3.x
glpi-project / glpi	0.68-rc1	0.68-rc1.x
glpi-project / glpi	0.78.4	0.78.4.x
glpi-project / glpi	0.51a	0.51a.x
glpi-project / glpi	0.78.1	0.78.1.x
glpi-project / glpi	0.71.1	0.71.1.x
glpi-project / glpi	0.6	0.6.x
glpi-project / glpi	0.72.3	0.72.3.x
glpi-project / glpi	0.71.6	0.71.6.x
glpi-project / glpi	0.6-rc1	0.6-rc1.x
glpi-project / glpi	0.68-rc3	0.68-rc3.x
glpi-project / glpi	0.68.1	0.68.1.x
glpi-project / glpi	0.71.1-rc1	0.71.1-rc1.x
glpi-project / glpi	0.68-rc2	0.68-rc2.x
glpi-project / glpi	0.5-rc2	0.5-rc2.x
glpi-project / glpi	0.65	0.65.x
glpi-project / glpi	0.78.5	0.78.5.x
glpi-project / glpi	0.80	0.80.x
glpi-project / glpi	0.42	0.42.x
glpi-project / glpi	0.70.2	0.70.2.x
glpi-project / glpi	0.78	0.78.x

Vulnerability Database

300,830

CVE-2011-2720

Deep Security Visibility Without the Complexity