CVE-2022-24780

CVE-2022-24780

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

Source: CVE-2022-24780

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다