Lucene search

GitHub_MCVELIST:CVE-2023-29006

HistoryApr 05, 2023 - 5:53 p.m.

CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user

2023-04-0517:53:03

CWE-502

GitHub_M

www.cve.org

order glpi

remote code execution

authenticated user

system command

security patch

plugin vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

37.6%

JSON

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the ajax/dropdownContact.php file from the plugin.

CNA Affected

[
  {
    "vendor": "pluginsGLPI",
    "product": "order",
    "versions": [
      {
        "version": ">= 1.8.0, < 2.7.7",
        "status": "affected"
      },
      {
        "version": ">= 2.10.0, < 2.10.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e

github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

37.6%

JSON

Related for CVELIST:CVE-2023-29006