1 matches found
UBUNTU-CVE-2020-27663
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...