High severity7.2OSV Advisory· Published May 2, 2018· Updated Jun 17, 2026
CVE-2018-10642
CVE-2018-10642
Description
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/arbahayoub/POC/blob/master/itop_command_injection_1.txtnvdExploitThird Party Advisory
- sourceforge.net/p/itop/tickets/1585/nvdIssue Tracking
News mentions
0No linked articles in our index yet.