Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: A critical input validation flaw in the **Fields GLPI plugin**. <br>**Consequences**: Allows **Arbitrary PHP Code Execution**. This is not just a bug; it's a full system compromise risk.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: **CWE-20: Improper Input Validation**. <br>**Flaw**: The plugin fails to sanitize inputs when creating dropdown lists, allowing malicious code injection directly into the PHP execution context.
Q3 Who is affected? (Versions/Components)
**Affected**: **pluginsGLPI / Fields** plugin. <br>**Version**: All versions **prior to 1.23.3**. <br>**Component**: The dropdown list creation feature within the plugin.
Q4 What can hackers do? (Privileges/Data)
**Attacker Actions**: <br>1. Execute **Arbitrary PHP Code**. <br>2. Gain **Full Server Control** (RCE). <br>3. Steal sensitive data or pivot to other systems. <br>**Impact**: High (C:H/I:H/A:H).
**Public Exploit**: <br>**No PoC/Wild Exploit** currently listed in the data. <br>**Status**: Theoretical but highly dangerous. No public code snippet available yet.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: <br>1. Check GLPI Admin Panel → Plugins → **Fields**. <br>2. Verify Version Number. <br>3. If version < **1.23.3**, you are vulnerable.…
**Urgency**: **HIGH** (Priority 1). <br>**Published**: 2026-03-16. <br>**Reason**: Although it requires admin auth, the impact is **Full RCE**. Do not ignore. Patch immediately upon upgrade.