CVE-2022-24780

Published: 05/04/2022 Updated: 07/10/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Combodo iTop is a web-based IT Service Management tool. In versions before 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG template code to the server by forging specific HTTP requests, and execute arbitrary code on the server with the privileges of the HTTP server user. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

Vulnerable Products

combodo itop 3.0.0

combodo itop

Exploits

iTop versions prior to 2.7.5 authenticated remote command execution exploit ...

Github Repositories

iTop < 2.7.6 - (Authenticated) Remote command execution

iTop RCE via SSTI - CVE-2022-24780 exploit
iTop < 2.7.6 - (Authenticated) Remote command execution
Exploit for CVE-2022-24780 [EDB-TODO] [PacketStorm] [WLB-2022050075]
Usage
$ ruby exploit.rb -h
iTop < 2.7.6 - (Authenticated) Remote command execution
Usage: exploit.rb full <url> <username> <password> <cmd&