Teclib GLPI Remote Code Execution Vulnerability

Released: Mar 13, 2023


High Severity

Vulnerability Type


Critical vulnerability in a third-party library module

A PHP code injection vulnerability exists in the third-party htmLawed module for GLPI through 10.0.2.

Common Vulnerabilities and Exposures

CVE-2022-35914

Background

GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. A remote unauthenticated attacker could exploit this vulnerability (CVE-2022-35914) by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution in the security context of the web server process, which could impact the confidentiality, integrity and availability of the system.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


September 14, 2022: GLPI releases version 10.0.3 with a fix. https://glpi-project.org/fr/glpi-10-0-3-disponible/
March 07, 2023: CISA adds CVE-2022-35914 to its Known Exploited Vulnerabilities catalog.


March 13, 2023: FortiGuard Labs is seeing active attempts to exploit CVE-2022-35914 and recommends that admins update GLPI to version 10.0.3 or above.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • IPS

  • Application Firewall

DETECT
  • Outbreak Detection

  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

