CVE-2023-47489: bugplorer
An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.
Proof-of-concept iTop Exploitation
Published on November 5, 2023
By: Nitipoom Jaroonchaipipat
Vulnerability
- Vulnerability type: CSV Injection
- Affected product: Combodo iTop 3.1.0-2-11973, built on 2023-08-02
- Vendor response: Acknowledged
This is the latest version as of November 5, 2023.
First, create a person object with a CSV command. In this case, the command opens Notepad.
The script was executed successfully and Notepad was opened.
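On the defensive side, the usual mitigation for CSV injection is to neutralize formula-leading cells at export time. The following is an added example, not code from the original write-up or from iTop: the column names and sample rows are constructed, the `=1+1` cell is a harmless stand-in for the user-supplied value, and the trigger-character set follows OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (the set OWASP lists for CSV injection).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize(value: str) -> str:
    """Prefix a single quote so the cell is rendered as literal text."""
    return "'" + value if is_formula_like(value) else value


def find_risky_cells(rows):
    """Return (row_index, column_index, value) for every formula-like cell."""
    return [(r, c, v) for r, row in enumerate(rows)
            for c, v in enumerate(row) if is_formula_like(v)]


def export_csv(rows) -> str:
    """Write rows as CSV with every field quoted and formula cells neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(str(v)) for v in row])
    return buf.getvalue()


# Constructed sample: a person record whose "First Name" holds a harmless
# formula standing in for the user-supplied value. Column names are assumed.
SAMPLE_ROWS = [
    ["Name", "First Name", "Phone"],
    ["Doe", "=1+1", "+66 2 000 0000"],
    ["Smith", "Anna", "02-000-0000"],
]

if __name__ == "__main__":
    for r, c, v in find_risky_cells(SAMPLE_ROWS):
        print(f"row {r} col {c}: formula-like value {v!r}")
    print(export_csv(SAMPLE_ROWS), end="")
```

The international phone number is flagged as well because it starts with `+`; neutralizing by prefix changes such legitimate values, which is the trade-off to account for when applying this at the export layer.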
© 2023 by bugplorer. All rights reserved.