← volver
CVE-2019-12723

CVE-2019-12723

EPSS 2.0%
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.phphttps://github.com/pluginsGLPI/fields/pull/317https://github.com/pluginsGLPI/fields/releases/tag/1.10.0