PT-2019-12899 · Teclib · Glpi Teclib Fields Plugin

Published: 2019-07-10 · Updated: 2019-07-11 · CVE-2019-12723

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GLPI Teclib Fields plugin versions through 1.9.2

Description: The issue allows SQL Injection via the container id and old order parameters to the "ajax/reorder.php" endpoint by an unauthenticated user.

Recommendations: For versions through 1.9.2, update to a version that contains a fix for this issue.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2019-12723

Affected Products

Glpi Teclib Fields Plugin