CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Information

Published : 2020-11-26 09:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-27662

Mitre link : CVE-2020-27662


JSON object : View

CWE
CWE-639

Authorization Bypass Through User-Controlled Key

Advertisement

dedicated server usa

Products Affected

glpi-project

  • glpi