RSS   Vulnerabilities for 'Fields'   RSS

2019-07-10
 
CVE-2019-12724

CWE-79
 

 
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.

 
 
CVE-2019-12723

CWE-89
 

 
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.

 

 >>> Vendor: Teclib-edition 4 Products
Armadito antivirus
Gestionnaire libre de parc informatique
Fields
Addressing


Copyright 2024, cxsecurity.com

 

Back to Top