nvd-json-data-feeds/CVE-2024/CVE-2024-456xx/CVE-2024-45600.json

{
  "id": "CVE-2024-45600",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-12-26T22:15:13.583",
  "lastModified": "2024-12-26T22:15:13.583",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13."
    },
    {
      "lang": "es",
      "value": "Fields es un complemento GLPI que permite a los usuarios agregar campos personalizados en los formularios de elementos GLPI. Antes de la versi\u00f3n 1.21.13, un usuario autenticado pod\u00eda realizar una inyecci\u00f3n SQL cuando el complemento estaba activo. La vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.21.13."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74ae#diff-a7024a397fba9a026157683da73cc675ec6b73bd900374b3836bcdc76ec7bd5cR1166",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992",
      "source": "security-advisories@github.com"
    }
  ]
}