CVE-2024-45600

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-89
View all →

Vulnerability Description

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.

Related Vulnerabilities

CVE-2020-6249

HIGH
CVSS:7.7(High)

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the b...

CWE-892020

CVE-2021-21915

HIGH
CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can...

CWE-892021

CVE-2021-21916

HIGH
CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker...

CWE-892021

CVE-2021-21917

HIGH
CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make auth...

CWE-892021

CVE-2021-21918

HIGH
CVSS:7.7(High)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super...

CWE-892021

CVE-2021-21919

HIGH
CVSS:7.7(High)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administ...

CWE-892021