{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45600", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-02T16:00:02.423Z", "datePublished": "2024-12-26T21:27:01.168Z", "dateUpdated": "2024-12-30T14:53:26.436Z"}, "containers": {"cna": {"title": "Fields GLPI plugin has an Authenticated SQL Injection", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992"}, {"name": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166", "tags": ["x_refsource_MISC"], "url": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166"}], "affected": [{"vendor": "pluginsGLPI", "product": "fields", "versions": [{"version": "< 1.21.13", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-26T21:27:01.168Z"}, "descriptions": [{"lang": "en", "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13."}], "source": {"advisory": "GHSA-wwxw-64g6-2992", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-30T14:53:11.947866Z", "id": "CVE-2024-45600", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-30T14:53:26.436Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45600", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-30T14:53:11.947866Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-30T14:53:21.097Z"}}], "cna": {"title": "Fields GLPI plugin has an Authenticated SQL Injection", "source": {"advisory": "GHSA-wwxw-64g6-2992", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pluginsGLPI", "product": "fields", "versions": [{"status": "affected", "version": "< 1.21.13"}]}], "references": [{"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992", "name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166", "name": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-26T21:27:01.168Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45600", "state": "PUBLISHED", "dateUpdated": "2024-12-30T14:53:26.436Z", "dateReserved": "2024-09-02T16:00:02.423Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-26T21:27:01.168Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13."}, {"lang": "es", "value": "Fields es un complemento GLPI que permite a los usuarios agregar campos personalizados en los formularios de elementos GLPI. Antes de la versi\u00f3n 1.21.13, un usuario autenticado pod\u00eda realizar una inyecci\u00f3n SQL cuando el complemento estaba activo. La vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.21.13."}], "id": "CVE-2024-45600", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-12-26T22:15:13.583", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166"}, {"source": "security-advisories@github.com", "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}