← back
CVE-2019-12723

CVE-2019-12723

EPSS 2.0%
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.phphttps://github.com/pluginsGLPI/fields/pull/317https://github.com/pluginsGLPI/fields/releases/tag/1.10.0