21 matches found
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...
Exploit for Injection in Glpi-Project Glpi
CVE-2022-35914poc Modified for GLPI Offsec Lab: calluserfun...
htmlLawed 1.2.5 - Remote Code Execution (RCE)
Exploit Title: htmlLawed 1.2.5 - Remote Code Execution RCE Date: 2024-04-24 Exploit Author: Miguel Redondo aka d4t4s3c Vendor Homepage: https://www.bioinformatics.org/phplabware/internalutilities/htmLawed Software Link: https://github.com/kesar/HTMLawed Version: -c \n" exit else banner echo -e "\...
htmlLawed 1.2.5 - Remote Code Execution Exploit
Exploit Title: htmlLawed 1.2.5 - Remote Code Execution RCE Exploit Author: Miguel Redondo aka d4t4s3c Vendor Homepage: https://www.bioinformatics.org/phplabware/internalutilities/htmLawed Software Link: https://github.com/kesar/HTMLawed Version: -c \n" exit else banner echo -e "\n+ Command output...
Exploit for Injection in Glpi-Project Glpi
It is an offensive tool for GLPI. This repository contains a pro...
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 CVSS score: 9.8 - Teclib GLPI Remote Code Execution...
HTMLawed < 1.2.9 Command Injection (CVE-2022-35914)
Binary data htmlawedcmdinjection.nbin...
GLPI Project Code Injection (CVE-2022-35914)
A code injection vulnerability exists in GLPI Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GLPI 10.0.2 Command Injection Exploit
This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GL...
GLPI 10.0.2 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GLPI htmLawed php command injection', 'Description' = %q This exploit takes advantage of a unauthenticated php command injection available from...
GLPI htmLawed php command injection
This exploit takes advantage of a unauthenticated php command injection available from GLPI versions 10.0.2 and below to execute a command. Module Options msf use exploit/linux/http/glpihtmlawedphpinjection msf exploitglpihtmlawedphpinjection show targets ...targets... msf...
CVE-2022-35914
creationtimestamp| type| source ---|---|--- 2022-10-04 11:01:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6910 2022-10-10 16:30:23+00:00| published-proof-of-concept| https://t.me/MrVGunz/553 2022-10-11 16:30:21+00:00| published-proof-of-concept|...
Exploit for Injection in Glpi-Project Glpi
This is a PoC exploit for CVE-2022-35914, a vulnerability in an...
Exploit for Injection in Glpi-Project Glpi
It is an offensive tool for web exploitation. This repository co...
Security fix for the ALT Linux 9 package glpi version 9.5.9-alt1
9.5.9-alt1 built Sept. 23, 2022 Pavel Zilke in task 307140 Sept. 14, 2022 Pavel Zilke - New version 9.5.9 - This release fixes several critical security issues that has been recently discovered. Update is strongly recommended! - Security fixes: + CVE-2022-35945 : XSS through registration API +...
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2022-35914
CVE-2022-35914 affects GLPI’s htmlawed integration via htmLawedTest.php, enabling PHP code injection. Exploit PoCs exist (PoC scripts and reports in Exploit-DB and GitHub repos) demonstrating remote code execution potential. CVSS v3.1 base score 9.8 (C/H I/H A/H) with network attack vector and no...