Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Combodo iTop 输入验证错误漏洞
Vulnerability Description
Combodo iTop 2.2.0版本至2.6.0版本中存在安全漏洞。攻击者可借助恶意制作的payload利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A