Fields
A critical remote code execution vulnerability in the Fields plugin for GLPI allows authenticated users with dropdown creation privileges to execute arbitrary PHP code on the server. It affects Fields plugin versions prior to 1.23.3 and has a CVSS score of 9.1, indicating severe impact with the ability to compromise the entire system. No active exploitation has been reported in KEV and no public proof-of-concept is mentioned, but the straightforward attack vector and the high-privilege requirement suggest targeted insider-threat or compromised-account scenarios.