Local Code Execution Vulnerability in Combodo iTop by Combodo
CVE-2023-47489

7.8HIGH

Key Information:

Vendor: Combodo
Status: Itop
Vendor: CVE Published:; 9 November 2023

Badges

👾 Exploit Exists

What is CVE-2023-47489?

A vulnerability in Combodo iTop version 3.1.0-2-11973 enables local attackers to execute arbitrary code. This is achieved by delivering a malicious script targeting the export-v2.php and ajax.render.php components, compromising the integrity and security of the system.

References

https://bugplorer.github.io/cve-csv-itop/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 15, 2023
👾
Exploit known to exist
Nov 15, 2023
Vulnerability published
Nov 9, 2023
Vulnerability Reserved
Nov 6, 2023