Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NTeclib Edition Fields
APPTeclib-Edition< 1.13.11.20.0 – 1.20.4 (bez)
Powiązane podatności
RCE przez tworzenie dropdownów w pluginie Fields dla GLPI
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via contai...
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing...
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication....