CNNVD-202511-924 Information

CNNVD ID

CNNVD-202511-924

CVE-2025-47286

  • CNNVD Published: 2025-11-10

Description (Chinese)

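Combodo iTop is an open-source web application from the French company Combodo, built on ITIL and used for the day-to-day operation of IT environments. It provides incident management, configuration management, problem management and related functions. Combodo iTop versions before 2.7.13 and version 3.2.2 contain an injection vulnerability, which stems from an administrator being able to execute server code by editing the configuration.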

Description (English)

Combodo iTop is an open-source web application developed by the French company Combodo, based on ITIL and used for the daily operation of IT environments. It provides features such as incident management, configuration management and problem management. Combodo iTop versions before 2.7.13 and version 3.2.2 contain an injection vulnerability, which arises because an administrator can execute server code by editing the configuration.

Hazard Level

High

Vulnerability Type

Injection

Affected Vendor

Combodo

Published

2025-11-10

Last Modified

2026-02-24

References

  • https://github.com/Combodo/iTop/security/advisories/GHSA-4w93-rw6g-5m9c
  • https://access.redhat.com/security/cve/cve-2025-47286

Patch

https://github.com/Combodo/iTop/releases
