CVE-2019-12723

NONE EPSS 78.5%
Published Jul 10, 20196y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jul 10, 2019 6y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.

Threat Intelligence

EPSS Exploit Probability
78.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 1

VendorProductVersionRange
teclib-editionfields* ≤1.9.2

References 3

  • github.com https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php
    Third Party Advisory
  • github.com https://github.com/pluginsGLPI/fields/pull/317
    Third Party Advisory
  • github.com https://github.com/pluginsGLPI/fields/releases/tag/1.10.0
    Release NotesThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.