CVE-2026-23489

Critical CVSS: 9.1

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.

Vendor

Teclib-edition

Product

Fields

CWE

CWE-20

Yayın Tarihi

2026-03-16 18:16:06

Güncelleme

2026-03-18 13:57:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Fields CRITICAL Teclib-edition 2026

Referanslar

https://github.com/pluginsGLPI/fields/releases/tag/1.23.3 https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7

Benzer Kayıtlar

Medium

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malic…

Medium

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an auth…

High

CVE-2026-22248

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses track…