Teclib Fields < 1.9.2 - Unauthenticated SQL Injection via container_id and old_order Parameters
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.