Unrated severityCISA KEVNVD Advisory· Published Sep 19, 2022· Updated Oct 21, 2025
CVE-2022-35914
CVE-2022-35914
Description
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- GLPI/htmlawed module for GLPIdescription
- Range: <=10.0.2
Patches
Vulnerability mechanics
References
6- packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.htmlmitre
- www.bioinformatics.org/phplabware/sourceer/sourceer.phpmitre
- github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_2022-35914.shmitre
- github.com/glpi-project/glpi/releasesmitre
- glpi-project.org/fr/glpi-10-0-3-disponible/mitre
- mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/mitre
News mentions
2- ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreThe Hacker News · Jun 8, 2026
- New Gafgyt Variant Targets Multiple Linux Architectures With Modular PropagationCyber Security News · Jun 5, 2026