Unrated severityOSV Advisory· Published Dec 18, 2025· Updated Apr 7, 2026

GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint

CVE-2023-53943

Description

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.

Affected products

Glpi Project/GlpiOSV
Range: 0.90, 0.90-RC1, 0.90-RC2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51418mitreexploit
www.vulncheck.com/advisories/glpi-username-enumeration-vulnerability-via-lost-password-endpointmitrethird-party-advisory
glpi-project.org/pt-br/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000