AI Score
Confidence
High
EPSS
Percentile
61.0%
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php
github.com/pluginsGLPI/fields/pull/317
github.com/pluginsGLPI/fields/releases/tag/1.10.0