InfoSec LAB

A vulnerability was found in GLPI up to 10.0.2 (Asset Management Software). It has been declared as critical. This vulnerability affects some unknown functionality of the file /vendor/htmlawed/htmlawed/htmLawedTest.php of the component htmlawed Module. The manipulation with an unknown input leads to a code injection vulnerability. The CWE definition for the vulnerability is CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. As an impact it is known to affect confidentiality, integrity, and availability.

Exploit

According to the author, the exploit appears straight forward by abusing the PHP’s exec function via the hook parameter

Interactive Graph View

CVE-2022-35914
Exploit

Backlinks

law_Web
law_Exploitation
law

Share your thoughts

Home

Created by tacticalgator with Quartz

GitHub
HTB

InfoSec LAB

Explorer

law_CVE-2022-35914

CVE-2022-35914

Exploit

Interactive Graph View

Table of Contents

Backlinks