Fields plugin team

1 exploit Active since Jul 2019
CVE-2019-12723 WRITEUP CRITICAL WORKING POC
Teclib Fields < 1.9.2 - Unauthenticated SQL Injection via container_id and old_order Parameters
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
CVSS 9.8