/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed | Patch Third Party Advisory |
https://github.com/glpi-project/glpi/releases | Release Notes Third Party Advisory |
https://glpi-project.org/fr/glpi-10-0-3-disponible/ | Release Notes Vendor Advisory |
Configurations
History
25 Oct 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-19 16:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-35914
Mitre link : CVE-2022-35914
CVE.ORG link : CVE-2022-35914
JSON object : View
Products Affected
glpi-project
- glpi
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')