CVE-2024-45600

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45600
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45600.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45600
Aliases
  • GHSA-wwxw-64g6-2992
Published
2024-12-26T22:15:13Z
Modified
2025-01-08T16:27:14.393280Z
Summary
[none]
Details

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.

References

Affected packages

Git / github.com/pluginsglpi/fields

Affected ranges

Type
GIT
Repo
https://github.com/pluginsglpi/fields
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.85-beta-6
0.90-1.0
0.90-1.1
0.90-1.2
0.90-1.3

1.*

1.10.0
1.10.1
1.10.2
1.10.3
1.11.0
1.12.0
1.12.1
1.12.11
1.12.12
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
1.12.7
1.12.8
1.12.9
1.13.0
1.14.0
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.17.0
1.17.1
1.17.2
1.17.3
1.18.0
1.18.1
1.18.2
1.19.0
1.20.0
1.20.1
1.20.2
1.20.3
1.20.4
1.20.5
1.20.6
1.20.7
1.21.0
1.21.1
1.21.10
1.21.11
1.21.12
1.21.2
1.21.3
1.21.4
1.21.5
1.21.6
1.21.7
1.21.8
1.21.9
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.9.2