CVE-2018-10642: Code Injection
First published: Wed May 02 2018(Updated: )
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Combodo iTop | <=2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-10642?
CVE-2018-10642 is a command injection vulnerability in Combodo iTop 2.4.1.
How does CVE-2018-10642 work?
CVE-2018-10642 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration.
What is the severity of CVE-2018-10642?
The severity of CVE-2018-10642 is high with a CVSS score of 7.2.
How can CVE-2018-10642 be exploited?
CVE-2018-10642 can be exploited by exploiting the TestConfig() function in the config.php file.
Is there a patch available for CVE-2018-10642?
At the time of writing this FAQ, there is no official patch available for CVE-2018-10642. It is recommended to update to a version of Combodo iTop that is not affected by this vulnerability.
- collector/nvd-index
- vendor/combodo
- canonical/combodo itop
- version/combodo itop/2.4.1