
CVE-2020-27662

Type: Unavailable / Other
Severity: Medium
Publication date: 11/26/2020
Last modified: 11/28/2020
Description
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Requires a single instance of authentication to exploit
Impact Type: No impact on system integrity + Partial impact on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools