Vulnerabilities > CVE-2020-27662 - Insecure Storage of Sensitive Information vulnerability in Glpi-Project Glpi

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
glpi-project
CWE-922

Summary

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).

Vulnerable Configurations

Part Description Count
Application
Glpi-Project
161

Common Weakness Enumeration (CWE)