CVE-2020-27663

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
Configurations

Configuration 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Information

Published : 2020-11-26 05:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-27663

Mitre link : CVE-2020-27663

Products Affected
No products.
CWE