Search
Find a vulnerability
Search criteria
6 vulnerabilities found for fields by teclib-edition
CVE-2026-23489 (GCVE-0-2026-23489)
Vulnerability from nvd – Published: 2026-03-16 17:12 – Updated: 2026-03-16 17:51
VLAI
Title
Fields GLPI plugin vulnerable to RCE in dropdown generation
Summary
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/fields/security/ad… | x_refsource_CONFIRM |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pluginsGLPI | fields |
Affected:
< 1.23.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T17:46:27.792352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T17:51:31.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fields",
"vendor": "pluginsGLPI",
"versions": [
{
"status": "affected",
"version": "\u003c 1.23.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T17:12:43.964Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3"
}
],
"source": {
"advisory": "GHSA-rj7q-mmx9-fhq7",
"discovery": "UNKNOWN"
},
"title": "Fields GLPI plugin vulnerable to RCE in dropdown generation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23489",
"datePublished": "2026-03-16T17:12:43.964Z",
"dateReserved": "2026-01-13T15:47:41.628Z",
"dateUpdated": "2026-03-16T17:51:31.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28855 (GCVE-0-2023-28855)
Vulnerability from nvd – Published: 2023-04-05 17:48 – Updated: 2025-02-10 16:27
VLAI
Title
Fields GLPI plugin vulnerable to unauthorized write access to additional fields
Summary
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/fields/security/ad… | x_refsource_CONFIRM |
| https://github.com/pluginsGLPI/fields/commit/7842… | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pluginsGLPI | fields |
Affected:
< 1.13.1
Affected: >= 1.20.0, < 1.20.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
},
{
"name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T16:27:27.665693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T16:27:40.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fields",
"vendor": "pluginsGLPI",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.1"
},
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-05T17:48:22.384Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
},
{
"name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
}
],
"source": {
"advisory": "GHSA-52vv-hm4x-8584",
"discovery": "UNKNOWN"
},
"title": "Fields GLPI plugin vulnerable to unauthorized write access to additional fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28855",
"datePublished": "2023-04-05T17:48:22.384Z",
"dateReserved": "2023-03-24T16:25:34.468Z",
"dateUpdated": "2025-02-10T16:27:40.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12723 (GCVE-0-2019-12723)
Vulnerability from nvd – Published: 2019-07-10 12:48 – Updated: 2024-08-04 23:32
VLAI
Summary
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/fields/blob/master… | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/pull/317 | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:53.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/pull/317"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-10T12:48:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/pull/317"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php",
"refsource": "MISC",
"url": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php"
},
{
"name": "https://github.com/pluginsGLPI/fields/pull/317",
"refsource": "MISC",
"url": "https://github.com/pluginsGLPI/fields/pull/317"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0",
"refsource": "CONFIRM",
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12723",
"datePublished": "2019-07-10T12:48:45.000Z",
"dateReserved": "2019-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:53.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-23489 (GCVE-0-2026-23489)
Vulnerability from cvelistv5 – Published: 2026-03-16 17:12 – Updated: 2026-03-16 17:51
VLAI
Title
Fields GLPI plugin vulnerable to RCE in dropdown generation
Summary
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/fields/security/ad… | x_refsource_CONFIRM |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pluginsGLPI | fields |
Affected:
< 1.23.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T17:46:27.792352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T17:51:31.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fields",
"vendor": "pluginsGLPI",
"versions": [
{
"status": "affected",
"version": "\u003c 1.23.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T17:12:43.964Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.23.3"
}
],
"source": {
"advisory": "GHSA-rj7q-mmx9-fhq7",
"discovery": "UNKNOWN"
},
"title": "Fields GLPI plugin vulnerable to RCE in dropdown generation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23489",
"datePublished": "2026-03-16T17:12:43.964Z",
"dateReserved": "2026-01-13T15:47:41.628Z",
"dateUpdated": "2026-03-16T17:51:31.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28855 (GCVE-0-2023-28855)
Vulnerability from cvelistv5 – Published: 2023-04-05 17:48 – Updated: 2025-02-10 16:27
VLAI
Title
Fields GLPI plugin vulnerable to unauthorized write access to additional fields
Summary
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/fields/security/ad… | x_refsource_CONFIRM |
| https://github.com/pluginsGLPI/fields/commit/7842… | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pluginsGLPI | fields |
Affected:
< 1.13.1
Affected: >= 1.20.0, < 1.20.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
},
{
"name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T16:27:27.665693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T16:27:40.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fields",
"vendor": "pluginsGLPI",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.1"
},
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-05T17:48:22.384Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
},
{
"name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
}
],
"source": {
"advisory": "GHSA-52vv-hm4x-8584",
"discovery": "UNKNOWN"
},
"title": "Fields GLPI plugin vulnerable to unauthorized write access to additional fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28855",
"datePublished": "2023-04-05T17:48:22.384Z",
"dateReserved": "2023-03-24T16:25:34.468Z",
"dateUpdated": "2025-02-10T16:27:40.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12723 (GCVE-0-2019-12723)
Vulnerability from cvelistv5 – Published: 2019-07-10 12:48 – Updated: 2024-08-04 23:32
VLAI
Summary
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/fields/blob/master… | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/pull/317 | x_refsource_MISC |
| https://github.com/pluginsGLPI/fields/releases/ta… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:53.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/pull/317"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-10T12:48:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/fields/pull/317"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php",
"refsource": "MISC",
"url": "https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php"
},
{
"name": "https://github.com/pluginsGLPI/fields/pull/317",
"refsource": "MISC",
"url": "https://github.com/pluginsGLPI/fields/pull/317"
},
{
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0",
"refsource": "CONFIRM",
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.10.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12723",
"datePublished": "2019-07-10T12:48:45.000Z",
"dateReserved": "2019-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:53.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}