snipe/snipe-it is vulnerable to business logic errors. The vulnerability exists in the handle
function of Authenticate.php
because login enable does not block the old session which allows a malicious user to exploit the flaw and leak data.
CPE | Name | Operator | Version |
---|---|---|---|
snipe/snipe-it | le | v5.4.1 | |
snipe/snipe-it | le | v5.4.1 |