Vulnerabilities > CVE-2020-27663 - Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
glpi-project
CWE-639
NVD
Published: 2020-11-26
Updated: 2021-07-21

Summary

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).

Vulnerable Configurations

Part Description Count
Application
Glpi-Project
162

Common Weakness Enumeration (CWE)

References