You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Learn more on MITRE.
am0o0 Analyst
Impact
CSRF protection can be bypassed at many places, once user is logged into GLPI.
Malicious website is so able to perform many actions on GLPI.
Patches
Upgrade to 9.5.6
Workarounds
None.