pluginsGLPI/fields

pluginsGLPI/fields

glpi-plugins.rtfd.io

Releases112

Frequency1 month 1 week

Last Release 2 months ago

Stars113

Additionals fields for GLPI

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-23489 ↗	Mar 16, 2026Monday, 16 March 2026, 18:16	9.1 CRITICAL	—
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
CVE-2024-45600 ↗	Dec 26, 2024Thursday, 26 December 2024, 22:15	7.7 HIGH	—
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.
CVE-2023-28855 ↗	Apr 5, 2023Wednesday, 5 April 2023, 18:15	6.5 MEDIUM	—
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
CVE-2019-12723 ↗	Jul 10, 2019Wednesday, 10 July 2019, 13:15	—	7.5 HIGH
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.