Unrated severity · NVD Advisory · Published Feb 14, 2020 · Updated Aug 4, 2024
CVE-2019-11215
Description
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI.
Affected products
- Combodo/iTop
References
- 0day.love/itop_vulnerabilities_disclosure.pdf (MITRE, x_refsource_MISC)
- www.itophub.io/wiki/page (MITRE, x_refsource_MISC)