PT-2024-9895 · Glpi+1 · Fields Plugin+1

Typenuke

Published: 2024-09-17 · Updated: 2025-01-09 · CVE-2024-45600

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Fields plugin for GLPI versions prior to 1.21.13
Description: The issue is related to a lack of protection against SQL injection attacks in the Fields plugin for GLPI. This allows an authenticated user to perform a SQL injection when the plugin is active, potentially enabling a remote attacker to execute arbitrary SQL code.
Recommendations: For versions prior to 1.21.13, update to version 1.21.13 to resolve the issue. As a temporary workaround, consider disabling the Fields plugin until the update is applied. Restrict access to the plugin's functionality to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-00004
CVE-2024-45600
GHSA-WWXW-64G6-2992

Affected Products

Fields Plugin
Red Os