CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-35914

CVSS 9.8v3.1pub. 2022-09-19upd. 2025-11-03

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Glpi Project Glpi

    APP
    Glpi-Project
    ≤ 10.0.2

CISA KEV — detailsi

Vendori
Teclib
Producti
GLPI
Added to KEVi
March 7, 2023
Remediation deadline (US Federal)i
March 28, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 28 marca 2023
CWE
References

Related vulnerabilities

CVE-2026-26026CRITICAL9.1PL ✓ten sam produkt

GLPI: Template Injection prowadzący do RCE przez konto administratora

CVE-2024-50339CRITICAL9.3PL ✓ten sam produkt

GLPI: Kradzież sesji przez nieuauthoryzowany dostęp do identyfikatorów sesji

CVE-2023-42802CRITICAL10.0ten sam produkt

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0....

CVE-2023-28849CRITICAL10.0ten sam produkt

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0....

CVE-2023-28838CRITICAL9.6ten sam produkt

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13...