An issue exists in the Teclib Fields plugin for GLPI, up to and including version 1.9.2. It allows SQL injection by an unauthenticated user via the container_id and old_order parameters to ajax/reorder.php.
Vulnerable Product |
---|
teclib-edition fields |