← voltar
CVE-2019-12723

CVE-2019-12723

EPSS 2.0%
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.phphttps://github.com/pluginsGLPI/fields/pull/317https://github.com/pluginsGLPI/fields/releases/tag/1.10.0