Glpi Security Vulnerabilities and Issues — Glpi CVE List

Lucene search

Glpi-projectGlpi

3 matches found

CVE•added 2020/11/26 5:15 p.m.•94 views

CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).

4.3CVSS4.6AI score0.00231EPSS

CVE•added 2020/11/26 5:15 p.m.•91 views

CVE-2020-27663

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).

4.3CVSS4.6AI score0.00231EPSS

CVE•added 2020/11/25 5:15 p.m.•66 views

CVE-2020-26212

GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of eve...

7.7CVSS6.4AI score0.00285EPSS