CVE-2019-12723: SQL Injection
First published: Wed Jul 10 2019(Updated: )
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Teclib-edition Fields | <=1.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue with the Teclib Fields plugin?
The vulnerability ID for this issue with the Teclib Fields plugin is CVE-2019-12723.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Teclib Fields plugin version 1.9.2 for GLPI.
What is the severity of CVE-2019-12723?
The severity of CVE-2019-12723 is critical, with a severity value of 9.8.
How can an unauthenticated user exploit this vulnerability?
An unauthenticated user can exploit this vulnerability through SQL Injection via the container_id and old_order parameters to ajax/reorder.php.
Is there a fix available for this vulnerability?
Yes, there is a fix available for this vulnerability. Users should upgrade to version 1.10.0 or later of the Teclib Fields plugin for GLPI.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/teclib-edition
- canonical/teclib-edition fields
- version/teclib-edition fields/1.9.2