Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Combodo iTop Command Injection Vulnerability
Vulnerability Description
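Combodo iTop (also known as IT Operations Portal) is an open-source web application from the French company Combodo, built on ITIL and used for the day-to-day operation of IT environments. The tool provides incident management, configuration management, problem management and other functions. A command injection vulnerability exists in Combodo iTop 2.4.1. It stems from the file web/env-production/itop-config/config.php containing a 'TestConfig()' function that can call the 'eval()' function. A remote attacker can exploit this vulnerability to execute arbitrary commands by changing the platform's configuration.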
CVSS Information
N/A
Vulnerability Type
N/A