GLPI Open Redirect Vulnerability in Versions Prior to 10.0.18

Vulnerability

An open redirect vulnerability has been identified in GLPI versions prior to 10.0.17. The issue arises in the file '/index.php', where the 'redirect' parameter can be manipulated to redirect users to external sites. This vulnerability can be exploited remotely and does not require authentication, although it does require user interaction. The flaw has been publicly disclosed and is known to be easy to exploit, potentially leading to phishing attacks.

Impact

Exploitation of this vulnerability allows for open redirection, which can be used to conduct phishing attacks by redirecting users to malicious websites.

Reproduction

To reproduce this vulnerability, send a request to the '/index.php' endpoint with a crafted 'redirect' parameter that points to a malicious URL. The server redirects the user to the specified URL because the destination is not validated against the application's own origin.
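The defensive check that closes this class of issue is to accept only site-relative paths in the 'redirect' parameter and fall back to a fixed landing page for anything else. The following is an added example written for this page; it is not GLPI's own code, and the function names, the default landing path and the sample inputs are constructed for illustration. It shows the weak pattern (echoing the parameter into the Location header) next to a hardened validator that rejects absolute URLs, scheme-relative URLs, backslash variants and header-injection characters.

```python
"""Added example (not GLPI's code): validating a 'redirect' parameter.

Assumption: the application only ever needs to send a user back to a page
on its own site, so any value that is not a plain site-relative path is
replaced by a safe default.  All names and sample values are constructed.
"""
from urllib.parse import urlsplit, urlunsplit

DEFAULT_LANDING = "/front/central.php"  # constructed default landing page


def vulnerable_redirect_location(redirect: str) -> str:
    """The weak pattern: the parameter goes straight into the Location header."""
    return redirect


def safe_redirect_location(redirect: str, default: str = DEFAULT_LANDING) -> str:
    """Return a site-relative path derived from `redirect`, or `default`.

    Rejected inputs:
    - empty values
    - raw control characters / CRLF (would allow response-header injection)
    - absolute URLs with a scheme (http://..., javascript:..., mailto:...)
    - scheme-relative URLs (//host) and backslash spellings (/\\host, \\\\host)
      that browsers normalise to //host
    - triple-slash paths (///host), which urlsplit leaves with an empty netloc
      but some browsers still treat as an authority
    - paths that do not start with a single leading slash
    """
    if not redirect:
        return default
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in redirect):
        return default
    # Browsers treat backslashes like forward slashes in the authority
    # position, so normalise before parsing rather than after.
    normalized = redirect.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:
        return default
    if not normalized.startswith("/") or normalized.startswith("//"):
        return default
    # Rebuild from the parsed components so only path, query and fragment
    # survive; scheme and netloc are forced empty.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample values a redirect parameter might carry.
    samples = [
        "/front/ticket.php?id=5",
        "http://evil.example/",
        "//evil.example",
        "/\\evil.example",
        "///evil.example",
        "javascript:alert(1)",
        "/front/ticket.php\r\nSet-Cookie: x=y",
        "",
    ]
    for value in samples:
        print(f"{value!r:45} -> {safe_redirect_location(value)}")
```

The validator deliberately refuses paths without a leading slash (such as `front/ticket.php`), because a relative path resolves against whatever page issued the redirect and is easy to get wrong; if the application needs those, resolve them server-side against a known base before applying the same checks.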

Remediation

Users are advised to upgrade to GLPI version 10.0.18, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.