Fields
Monthly
A critical remote code execution vulnerability exists in the Fields plugin for GLPI that allows authenticated users with dropdown creation privileges to execute arbitrary PHP code on the server. The vulnerability affects Fields plugin versions prior to 1.23.3 and has a CVSS score of 9.1, indicating severe impact with the ability to compromise the entire system. While no active exploitation has been reported in KEV and no public proof-of-concept is mentioned, the straightforward attack vector and high privileges requirement suggest targeted insider threat or compromised account scenarios.
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A critical remote code execution vulnerability exists in the Fields plugin for GLPI that allows authenticated users with dropdown creation privileges to execute arbitrary PHP code on the server. The vulnerability affects Fields plugin versions prior to 1.23.3 and has a CVSS score of 9.1, indicating severe impact with the ability to compromise the entire system. While no active exploitation has been reported in KEV and no public proof-of-concept is mentioned, the straightforward attack vector and high privileges requirement suggest targeted insider threat or compromised account scenarios.
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.