Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iTop limit pages/exec.php script to PHP files
Vulnerability Description
iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
iTop 安全漏洞
Vulnerability Description
iTop是一个提供优化 iTop 所需的所有资源的平台。 iTop 2.7.10, 3.0.4, 3.1.1 和 3.2.0 版本存在安全漏洞,该漏洞源于可以检索 env-production 文件夹中的文件,即使它们的访问权限应受到限制。
CVSS Information
N/A
Vulnerability Type
N/A