CVE-2022-35914 - Teclib GLPI Remote Code Execution Vulnerability

Vulnerability Name

Teclib GLPI Remote Code Execution Vulnerability

Description

Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://glpi-project.org/fr/glpi-10-0-3-disponible/, http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed.

https://nvd.nist.gov/vuln/detail/CVE-2022-35914