3 matches found
CVE-2019-12723
The CVE-2019-12723 entry concerns the Teclib Fields plugin for GLPI (affected version up to 1.9.2). The issue is a SQL Injection via container_id and old_order parameters to ajax/reorder.php that can be exploited by an unauthenticated user. Impact is described in the sources as high/critical (CVS...
CVE-2023-28855
CVE-2023-28855 concerns the GLPI plugin Fields , which allows users to add custom fields on GLPI items forms. The root cause is a lack of access-control validation, enabling any authenticated user to write data to any fields container, including those the user has no configured access to. This ca...
CVE-2026-23489
CVE-2026-23489 affects the GLPI plugin Fields . Prior to version 1.23.3, it allows arbitrary PHP code execution by users who can create dropdowns, via the dropdown generation process. The issue has been fixed in version 1.23.3 . Exploitation details are not provided in the available documents; no...