Vulnerability CVE-2022-24780

Vulnerability CVE-2022-24780

Published: 2022-04-05

Description:

	Topic	Author	Date
High	iTop < 2.7.6 - (Authenticated) Remote command execution	Alexandre Zanni	22.05.2022
High	iTop Remote Command Execution	Markus Krell	24.05.2022

Type:

(Improper Control of Generation of Code ('Code Injection'))

https://github.com/Combodo/iTop/commit/b6fac4b411b8d145fc30fa35c66b51243eafd06b

https://github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3

https://markus-krell.de/itop-template-injection-inside-customer-portal/

https://github.com/Combodo/iTop/security/advisories/GHSA-v97m-wgxq-rh54

https://github.com/Combodo/iTop/commit/eb2a615bd28100442c7f6171707bb40884af2305