Vulnerability Details CVE-2023-29006
The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e
- https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm
- https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e
- https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm
Products affected by CVE-2023-29006
-
cpe:2.3:a:glpi-project:order:1.8.0
-
cpe:2.3:a:glpi-project:order:1.8.1
-
cpe:2.3:a:glpi-project:order:1.9.0
-
cpe:2.3:a:glpi-project:order:1.9.5
-
cpe:2.3:a:glpi-project:order:1.9.6
-
cpe:2.3:a:glpi-project:order:1.9.7
-
cpe:2.3:a:glpi-project:order:2.0.0
-
cpe:2.3:a:glpi-project:order:2.0.1
-
cpe:2.3:a:glpi-project:order:2.0.2
-
cpe:2.3:a:glpi-project:order:2.1.0
-
cpe:2.3:a:glpi-project:order:2.1.1
-
cpe:2.3:a:glpi-project:order:2.10.0
-
cpe:2.3:a:glpi-project:order:2.2.0
-
cpe:2.3:a:glpi-project:order:2.2.1
-
cpe:2.3:a:glpi-project:order:2.3.0
-
cpe:2.3:a:glpi-project:order:2.4.0
-
cpe:2.3:a:glpi-project:order:2.5.0
-
cpe:2.3:a:glpi-project:order:2.5.1
-
cpe:2.3:a:glpi-project:order:2.5.2
-
cpe:2.3:a:glpi-project:order:2.5.3
-
cpe:2.3:a:glpi-project:order:2.6.0
-
cpe:2.3:a:glpi-project:order:2.7.0
-
cpe:2.3:a:glpi-project:order:2.7.1
-
cpe:2.3:a:glpi-project:order:2.7.2
-
cpe:2.3:a:glpi-project:order:2.7.3
-
cpe:2.3:a:glpi-project:order:2.7.4
-
cpe:2.3:a:glpi-project:order:2.7.5
-
cpe:2.3:a:glpi-project:order:2.7.6