5 matches found
CVE-2022-24780
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in version...
Exploit for Code Injection in Combodo Itop
iTop RCE via SSTI - CVE-2022-24780 exploit iTop --debu...
iTop Remote Command Execution Exploit
!/usr/bin/env ruby Exploit Title: iTop p...
CVE-2022-24780 Code Injection in Combodo iTop
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in version...
CVE-2022-24780
CVE-2022-24780 affects Combodo iTop (web-based IT service management). In versions before 2.7.6 (and 3.0.0), the iTop portal accepts crafted HTTP queries that cause Twig template code to be executed on the server, enabling arbitrary code execution with the server user privileges. Root cause: temp...