CVE-2026-23489

Published: Mar 16, 2026 Last Modified: Mar 16, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.

Improper Input Validation

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality Integrity

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://github.com/pluginsGLPI/fields/releases/tag/1.23.3

https://github.com/pluginsGLPI/fields/security/advisories/G…

https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7

CVE-2026-23489

Description

Improper Input Validation

Common Consequences

Applicable Platforms

Iscriviti alla newsletter