High severity7.7OSV Advisory· Published Dec 26, 2024· Updated Apr 15, 2026

CVE-2024-45600

Description

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.

Affected products

Pluginsglpi/FieldsOSV
Range: 0.85-beta-6, 0.90-1.0, 0.90-1.1, …

Patches

9e8e99ae700b

https://github.com/pluginsglpi/fieldsvia osv

commit

eb927b0f084e

https://github.com/pluginsglpi/fieldsvia osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/pluginsGLPI/fields/commit/eb927b0f084ee4ef6c87ab2eb7a15e99369e74aenvd
github.com/pluginsGLPI/fields/security/advisories/GHSA-wwxw-64g6-2992nvd

News mentions

No linked articles in our index yet.

cvss	0.501
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000