{"id":"CVE-2019-12723","details":"An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.","modified":"2026-04-10T04:14:33.542746Z","published":"2019-07-10T13:15:10.730Z","references":[{"type":"ADVISORY","url":"https://github.com/pluginsGLPI/fields/blob/master/ajax/reorder.php"},{"type":"ADVISORY","url":"https://github.com/pluginsGLPI/fields/pull/317"},{"type":"ADVISORY","url":"https://github.com/pluginsGLPI/fields/releases/tag/1.10.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pluginsglpi/fields","events":[{"introduced":"0"},{"last_affected":"64765b9f71718fac26cc729fa5b0743dc7efa484"},{"fixed":"1334debb3ee8d499ad214a1d6730cefebed3c4ac"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.2"}]}}],"versions":["0.85-beta-6","0.90-1.0","0.90-1.1","0.90-1.2","0.90-1.3","1.6.0","1.6.2","1.7.0","1.7.1","1.7.2","1.7.3","1.8.0","1.8.1","1.8.2","1.9.0","1.9.1","1.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12723.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}