/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed | Patch Third Party Advisory |
https://github.com/glpi-project/glpi/releases | Release Notes Third Party Advisory |
https://glpi-project.org/fr/glpi-10-0-3-disponible/ | Release Notes Vendor Advisory |
Configurations
History
28 Oct 2022, 21:14
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry |
25 Oct 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
First Time |
Glpi-project glpi
Glpi-project |
|
CPE | cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/glpi-project/glpi/releases - Release Notes, Third Party Advisory | |
References | (MISC) https://glpi-project.org/fr/glpi-10-0-3-disponible/ - Release Notes, Vendor Advisory | |
References | (MISC) http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
19 Sep 2022, 16:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-19 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-35914
Mitre link : CVE-2022-35914
CVE.ORG link : CVE-2022-35914
JSON object : View
Products Affected
glpi-project
- glpi
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')