iTop 2.2.1 Cross Site Request Forgery...

Published: 2016-03-19
Revised: 2025-04-13

High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via a cross-site request forgery flaw that is also present in the application. The vulnerability exists due to the absence of validation of the HTTP request origin in the "/env-production/itop-config/config.php" script, as well as a lack of sanitization of user input received via the "new_config" HTTP POST parameter.
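An added detection example (not part of the original advisory or of iTop): it scans web-server access logs in combined format for POST requests to the script named above whose Referer is missing or points to another site. The hostname `itop.example.internal` and the sample log lines are constructed assumptions; the "new_config" body does not appear in access logs, so only the request origin is checked.

```python
import re
from urllib.parse import urlsplit

CONFIG_PATH = "/env-production/itop-config/config.php"  # script named in the advisory
TRUSTED_HOSTS = {"itop.example.internal"}  # assumption: hostname of your iTop site

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def classify(line):
    """Return None for irrelevant lines, else (verdict, ip, timestamp, referer)."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    # Compare the path only, so a query string cannot hide the request.
    if not m["target"].split("?", 1)[0].endswith(CONFIG_PATH):
        return None
    try:
        host = urlsplit(m["referer"]).hostname  # None for "-" or an empty Referer
    except ValueError:
        host = None  # malformed Referer: treat like a missing one
    if host is None:
        verdict = "no-referer"   # origin of the form submission is unknown
    elif host in TRUSTED_HOSTS:
        verdict = "same-site"    # normal use of the configuration editor
    else:
        verdict = "cross-site"   # submitted from a foreign page: the CSRF pattern
    return verdict, m["ip"], m["ts"], m["referer"]

def suspicious(lines):
    """Config-editor POSTs that did not originate from the iTop site itself."""
    hits = (classify(line) for line in lines)
    return [h for h in hits if h and h[0] != "same-site"]

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '10.0.0.5 - admin [19/Mar/2016:10:02:11 +0000] "POST /env-production/itop-config/config.php HTTP/1.1" 200 5120 "https://itop.example.internal/env-production/itop-config/config.php" "Mozilla/5.0"',
    '10.0.0.5 - admin [19/Mar/2016:10:07:42 +0000] "POST /env-production/itop-config/config.php HTTP/1.1" 200 5098 "http://other-site.example/page.html" "Mozilla/5.0"',
    '10.0.0.9 - - [19/Mar/2016:10:09:03 +0000] "POST /env-production/itop-config/config.php HTTP/1.1" 200 5098 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [19/Mar/2016:10:09:30 +0000] "GET /pages/UI.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE):
        print(hit)
```

A "no-referer" hit is weaker evidence than "cross-site", since some browsers and proxies strip the header; review both against the configuration file's change history.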

There is currently 1 exploit/PoC entry.
There are currently 0 affected-product entries.