Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-35914: absent?: ././internal_utilities/htmLawed?cve=title/ | PHP Labware source code viewer

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.

CVE
#php

Absent directory?: .

/

.

/

internal_utilities

/

htmLawed?cve=title

/

Directory specified probably doesn’t exist, or is not a directory, or could not be accessed, possibly because of file-permission or server configuration issues

Go to root

Related news

htmlLawed 1.2.5 Remote Command Execution

htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.

CVE-2023-26469: GitHub - Orange-Cyberdefense/CVE-repository: Repository of CVE found by OCD people

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability

GLPI 10.0.2 Command Injection

This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907