{"api_version":"1","generated_at":"2026-04-23T05:58:23+00:00","cve":"CVE-2022-24780","urls":{"html":"https://cve.report/CVE-2022-24780","api":"https://cve.report/api/cve/CVE-2022-24780.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-24780","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-24780"},"summary":{"title":"CVE-2022-24780","description":"Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-04-05 19:15:00","updated_at":"2022-10-07 03:33:00"},"problem_types":["CWE-94"],"metrics":[],"references":[{"url":"https://markus-krell.de/itop-template-injection-inside-customer-portal/","name":"https://markus-krell.de/itop-template-injection-inside-customer-portal/","refsource":"MISC","tags":[],"title":"iTop – Template Injection inside customer Portal – Personal Page of Markus Krell","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/Combodo/iTop/commit/b6fac4b411b8d145fc30fa35c66b51243eafd06b","name":"https://github.com/Combodo/iTop/commit/b6fac4b411b8d145fc30fa35c66b51243eafd06b","refsource":"MISC","tags":[],"title":"N°4384 Security hardening · Combodo/iTop@b6fac4b · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/167236/iTop-Remote-Command-Execution.html","name":"http://packetstormsecurity.com/files/167236/iTop-Remote-Command-Execution.html","refsource":"MISC","tags":[],"title":"iTop Remote Command Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/Combodo/iTop/security/advisories/GHSA-v97m-wgxq-rh54","name":"https://github.com/Combodo/iTop/security/advisories/GHSA-v97m-wgxq-rh54","refsource":"CONFIRM","tags":[],"title":"Portal code injection using the formmanager_data field · Advisory · Combodo/iTop · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/Combodo/iTop/commit/eb2a615bd28100442c7f6171707bb40884af2305","name":"https://github.com/Combodo/iTop/commit/eb2a615bd28100442c7f6171707bb40884af2305","refsource":"MISC","tags":[],"title":"N°4384 Security hardening · Combodo/iTop@eb2a615 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3","name":"https://github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3","refsource":"MISC","tags":[],"title":"N°4384 Fix PHP warning when decoding formmanager_data when it is alre… · Combodo/iTop@93f273a · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-24780","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24780","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"alpha","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"beta8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"combodo","cpe5":"itop","cpe6":"3.0.0","cpe7":"rc","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-24780","STATE":"PUBLIC","TITLE":"Code Injection in Combodo iTop"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"iTop","version":{"version_data":[{"version_value":"< 2.7.6"}]}}]},"vendor_name":"Combodo"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}]},"references":{"reference_data":[{"name":"https://github.com/Combodo/iTop/security/advisories/GHSA-v97m-wgxq-rh54","refsource":"CONFIRM","url":"https://github.com/Combodo/iTop/security/advisories/GHSA-v97m-wgxq-rh54"},{"name":"https://github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3","refsource":"MISC","url":"https://github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3"},{"name":"https://github.com/Combodo/iTop/commit/b6fac4b411b8d145fc30fa35c66b51243eafd06b","refsource":"MISC","url":"https://github.com/Combodo/iTop/commit/b6fac4b411b8d145fc30fa35c66b51243eafd06b"},{"name":"https://github.com/Combodo/iTop/commit/eb2a615bd28100442c7f6171707bb40884af2305","refsource":"MISC","url":"https://github.com/Combodo/iTop/commit/eb2a615bd28100442c7f6171707bb40884af2305"},{"name":"https://markus-krell.de/itop-template-injection-inside-customer-portal/","refsource":"MISC","url":"https://markus-krell.de/itop-template-injection-inside-customer-portal/"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/167236/iTop-Remote-Command-Execution.html","url":"http://packetstormsecurity.com/files/167236/iTop-Remote-Command-Execution.html"}]},"source":{"advisory":"GHSA-v97m-wgxq-rh54","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-04-05 19:15:00","lastModifiedDate":"2022-10-07 03:33:00","problem_types":["CWE-94"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta6:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta7:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:beta8:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:combodo:itop:3.0.0:rc:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"24780","Ordinal":"228259","Title":"CVE-2022-24780","CVE":"CVE-2022-24780","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"24780","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}