Insecure Direct Object Reference (IDOR) Vulnerability in GLPI before 9.5.3 Allows Unauthorized Database Table Access

Insecure Direct Object Reference (IDOR) Vulnerability in GLPI before 9.5.3 Allows Unauthorized Database Table Access

CVE-2020-27662 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).

Learn more about our User Device Pen Test.