What is CVE-2024-45600?

CVE-2024-45600 is a high-severity vulnerability in Pluginsglpi Fields, classified under SQL Injection. CVSS score: 7.7/10. Published 2024-12-26.

How severe is CVE-2024-45600?

High severity. CVSS v3 base score is 7.7 out of 10.

SQL Injection in Pluginsglpi Fields

CVE-2024-45600

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.

Vulnerability class: SQL Injection

EPSS: 0.001 (28.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Pluginsglpi Fields — versions < 1.21.13

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992 (x_refsource_CONFIRM)
https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-45600?: CVE-2024-45600 is a high-severity vulnerability in Pluginsglpi Fields, classified under SQL Injection. CVSS score: 7.7/10. Published 2024-12-26.
How severe is CVE-2024-45600?: High severity. CVSS v3 base score is 7.7 out of 10.