Approved changes feed: RSS · Atom

cpe:2.3:a:pluginsglpi:fields:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPluginsglpi (06299ce7-7c01-5e27-80d2-610e38d2f6b3)
ProductFields (927c8f57-ee45-55b3-8400-71218edf4014)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-23489 vulnerable 2026-06-08 07:51:15.512452 Fields GLPI plugin vulnerable to RCE in dropdown generation
CRITICAL (9.1)
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
Published: 2026-03-16T17:12:43.964Z
Updated: 2026-03-16T17:51:31.011Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-45600 vulnerable 2026-06-08 06:48:08.716540 Fields GLPI plugin has an Authenticated SQL Injection
HIGH (7.7)
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.
Published: 2024-12-26T21:27:01.168Z
Updated: 2024-12-30T14:53:26.436Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28855 vulnerable 2026-06-08 06:02:36.541008 Fields GLPI plugin vulnerable to unauthorized write access to additional fields
MEDIUM (6.5)
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.
Published: 2023-04-05T17:48:22.384Z
Updated: 2025-02-10T16:27:40.112Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.