CVE-2023-29006
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the ajax/dropdownContact.php file from the plugin.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| pluginsGLPI | order | >= 1.8.0, < 2.7.7 | affected |
| pluginsGLPI | order | >= 2.10.0, < 2.10.1 | affected |
Weaknesses
- CWE-502: CWE-502: Deserialization of Untrusted Data
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm
- https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm
- https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.