CVE-2018-10642
https://notcve.org/view.php?id=CVE-2018-10642
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().
• https://github.com/arbahayoub/POC/blob/master/itop_command_injection_1.txt
• https://sourceforge.net/p/itop/tickets/1585
• CWE-94: Improper Control of Generation of Code ('Code Injection')