HIGH🇬🇧 English

CVE-2025-47286

CVSS 8.6v4.0pub. 2025-11-10upd. 2025-11-21

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on it.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Combodo Itop

    APP
    Combodo
    < 2.7.133.0.0 – 3.2.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-48710CRITICAL9.8PL ✓ten sam produkt

Combodo iTop: nieautoryzowany dostęp do plików z folderu env-production

CVE-2022-39214CRITICAL9.6ten sam produkt

Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1,...

CVE-2021-41162CRITICAL9.3ten sam produkt

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render...

CVE-2021-41161CRITICAL9.3ten sam produkt

Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page d...

CVE-2025-47773HIGH8.8ten sam produkt

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to c...

CVE-2025-47286 — HIGH 8.6 | CVEbaza.pl