2 matches found
CVE-2023-28855
CVE-2023-28855 concerns the GLPI plugin Fields , which allows users to add custom fields on GLPI items forms. The root cause is a lack of access-control validation, enabling any authenticated user to write data to any fields container, including those the user has no configured access to. This ca...
CVE-2026-23489
CVE-2026-23489 affects the GLPI plugin Fields . Prior to version 1.23.3, it allows arbitrary PHP code execution by users who can create dropdowns, via the dropdown generation process. The issue has been fixed in version 1.23.3 . Exploitation details are not provided in the available documents; no...