Exploit for #VU72065 Code Injection in GLPI

Published: 2023-02-08 | Updated: 2024-04-26

Vulnerability identifier: #VU72065

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-35914

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 11

April 26, 2024
- CVE-2022-35914 (PoC exploit for GLPI - Command injection using a third-party library script) [Github]
July 30, 2023
- CVE-2022-35914 () [Github]
February 8, 2023
- CVE-2022-35914-poc () [Github]
- CVE-2022-35914 (Unauthenticated RCE in GLPI 10.0.2) [Github]
- CVE-2022-35914 () [Github]
- CVE-2022-35914 () [Github]
- GLPI 10.0.2 Command Injection [Packet Storm]
- CVE-2022-35914 () [Github]
- GLPI htmLawed php command injection [Metasploit]
- CVE-2022-35914-poc () [Github]
- CVE-2022-35914 (Unauthenticated RCE in GLPI 10.0.2) [Github]

Impact: Code execution

Vulnerable software:
GLPI
Web applications / CRM systems

Vendor: glpi-project