cve.circl.lu Open in urlscan Pro
2a00:5980:93::128  Public Scan

URL: https://cve.circl.lu/cve/CVE-2022-35914
Submission: On March 13 via api from IN — Scanned from DE

Form analysis 1 forms found in the DOM

GET

<form id="tfnewsearch" method="get" class="input-group navbar-form" onsubmit="redirect(); return false;">
  <input type="text" class="form-control input-sm" id="search" placeholder="Search CVE">
  <span class="input-group-btn">
    <input type="submit" class="btn btn-default input-sm" value="search">
  </span>
</form>

Text Content

 * Recent CVE
 * Browse CVE per vendor
 * Browse CWEs
 * 
    * About


 1. CVE-Search
 2. CVE-2022-35914

ID CVE-2022-35914 Summary /vendor/htmlawed/htmlawed/htmLawedTest.php in the
htmlawed module for GLPI through 10.0.2 allows PHP code injection. References
 * http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed
 * https://github.com/glpi-project/glpi/releases
 * https://glpi-project.org/fr/glpi-10-0-3-disponible/
 * http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html

Vulnerable Configurations
 * cpe:2.3:a:glpi-project:glpi:-:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:-:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.5:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.5:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.6:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.6:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.20:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.20:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.20.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.20.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.21:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.21:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.30:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.30:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.31:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.31:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.40:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.40:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.41:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.41:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.50:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.50:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.51:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.51:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.51:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.51:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.51:a:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.51:a:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.51a:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.51a:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.60:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.60:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.65:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.65:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.65:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.65:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.65:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.65:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.65:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.65:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68:rc3:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68:rc3:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.68.3-2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.68.3-2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.70:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.70:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.70:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.70:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.70:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.70:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.70:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.70:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.70:rc3:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.70:rc3:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.70.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.70.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.70.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.70.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.1:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.1:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.1:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.1:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.1:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.1:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.1:rc3:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.1:rc3:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.71.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.71.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72:rc3:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72:rc3:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.72.21:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.72.21:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.78:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.78:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.78.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.78.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.78.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.78.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.78.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.78.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.78.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.78.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.78.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.78.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.7:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.7:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.80.61:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.80.61:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.7:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.7:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.8:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.8:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.9:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.9:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.31:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.31:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.83.91:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.83.91:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.7:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.7:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.84.8:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.84.8:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.85:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.85:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.85.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.85.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.85.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.85.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.85.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.85.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.85.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.85.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.85.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.85.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90:beta1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90:beta1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90:beta2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90:beta2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:0.90.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:0.90.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.0:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.0:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.0:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.0:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.0:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.0:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.7:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.7:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.1.7.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.1.7.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2.0:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2.0:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2.0:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2.0:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2.0:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2.0:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.2.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.2.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.0:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.0:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.0:beta1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.0:beta1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.0:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.0:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.0:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.0:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.3.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.3.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.0:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.0:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.0:beta1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.0:beta1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.0:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.0:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.0:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.0:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.1.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.1.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.4.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.4.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.0:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.0:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.2:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.3:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.3:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.4:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.4:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.5:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.5:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.6:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.6:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.7:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.7:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:9.5.8:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:9.5.8:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:10.0.0:-:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:10.0.0:-:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:10.0.0:beta:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:10.0.0:beta:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:10.0.0:rc1:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:10.0.0:rc1:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:10.0.0:rc2:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:10.0.0:rc2:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:10.0.0:rc3:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:10.0.0:rc3:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:10.0.1:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:10.0.1:*:*:*:*:*:*:*
 * cpe:2.3:a:glpi-project:glpi:10.0.2:*:*:*:*:*:*:*
   cpe:2.3:a:glpi-project:glpi:10.0.2:*:*:*:*:*:*:*

CVSS

Base: None Impact: Exploitability:

CWE CWE-74 CAPEC
 * Blind SQL Injection
   Blind SQL Injection results from an insufficient mitigation for SQL
   Injection. Although suppressing database error messages are considered best
   practice, the suppression alone is not sufficient to prevent SQL Injection.
   Blind SQL Injection is a form of SQL Injection that overcomes the lack of
   error messages. Without the error messages that facilitate SQL Injection, the
   adversary constructs input strings that probe the target through simple
   Boolean SQL expressions. The adversary can determine if the syntax and
   structure of the injection was successful based on whether the query was
   executed or not. Applied iteratively, the adversary determines how and where
   the target is vulnerable to SQL Injection.
 * XQuery Injection
   This attack utilizes XQuery to probe and attack server systems; in a similar
   manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS,
   XQuery Injection uses improperly validated data that is passed to XQuery
   commands to traverse and execute commands that the XQuery routines have
   access to. XQuery injection can be used to enumerate elements on the victim's
   environment, inject commands to the local host, or execute queries to remote
   files and data sources.
 * Overflow Variables and Tags
   This type of attack leverages the use of tags or variables from a formatted
   configuration data to cause buffer overflow. The attacker crafts a malicious
   HTML page or configuration file that includes oversized strings, thus causing
   an overflow.
 * Postfix, Null Terminate, and Backslash
   If a string is passed through a filter of some kind, then a terminal NULL may
   not be valid. Using alternate representation of NULL allows an attacker to
   embed the NULL mid-string while postfixing the proper data so that the filter
   is avoided. One example is a filter that looks for a trailing slash
   character. If a string insertion is possible, but the slash must exist, an
   alternate encoding of NULL in mid-string may be used.
 * Manipulating Web Input to File System Calls
   An attacker manipulates inputs to the target software which the target
   software passes to file system calls in the OS. The goal is to gain access
   to, and perhaps modify, areas of the file system that the target software did
   not intend to be accessible.
 * Using Unicode Encoding to Bypass Validation Logic
   An attacker may provide a Unicode string to a system component that is not
   Unicode aware and use that to circumvent the filter or cause the classifying
   mechanism to fail to properly understanding the request. That may allow the
   attacker to slip malicious data past the content filter and/or possibly cause
   the application to route the request incorrectly.
 * Buffer Overflow in an API Call
   This attack targets libraries or shared code modules which are vulnerable to
   buffer overflow attacks. An attacker who has access to an API may try to
   embed malicious code in the API function call and exploit a buffer overflow
   vulnerability in the function's implementation. All clients that make use of
   the code library thus become vulnerable by association. This has a very broad
   effect on security across a system, usually affecting more than one software
   process.
 * XPath Injection
   An attacker can craft special user-controllable input consisting of XPath
   expressions to inject the XML database and bypass authentication or glean
   information that he normally would not be able to. XPath Injection enables an
   attacker to talk directly to the XML database, thus bypassing the application
   completely. XPath Injection results from the failure of an application to
   properly sanitize input used as part of dynamic XPath expressions used to
   query an XML database.
 * HTTP Response Splitting
   This attack uses a maliciously-crafted HTTP request in order to cause a
   vulnerable web server to respond with an HTTP response stream that will be
   interpreted by the client as two separate responses instead of one. This is
   possible when user-controlled input is used unvalidated as part of the
   response headers. The target software, the client, will interpret the
   injected header as being a response to a second request, thereby causing the
   maliciously-crafted contents be displayed and possibly cached.
 * Using Slashes and URL Encoding Combined to Bypass Validation Logic
   This attack targets the encoding of the URL combined with the encoding of the
   slash characters. An attacker can take advantage of the multiple ways of
   encoding a URL and abuse the interpretation of the URL. A URL may contain
   special character that need special syntax handling in order to be
   interpreted. Special characters are represented using a percentage character
   followed by two digits representing the octet code of the original character
   (%HEX-CODE). For instance US-ASCII space character would be represented with
   %20. This is often referred as escaped ending or percent-encoding. Since the
   server decodes the URL from the requests, it may restrict the access to some
   URL paths by validating and filtering out the URL requests it received. An
   attacker will try to craft an URL with a sequence of special characters which
   once interpreted by the server will be equivalent to a forbidden URL. It can
   be difficult to protect against this attack since the URL can contain other
   format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
 * Embedding NULL Bytes
   An attacker embeds one or more null bytes in input to the target software.
   This attack relies on the usage of a null-valued byte as a string terminator
   in many environments. The goal is for certain components of the target
   software to stop processing the input when it encounters the null byte(s).
 * String Format Overflow in syslog()
   This attack targets the format string vulnerabilities in the syslog()
   function. An attacker would typically inject malicious input in the format
   string parameter of the syslog function. This is a common problem, and many
   public vulnerabilities and associated exploits have been posted.
 * Using Escaped Slashes in Alternate Encoding
   This attack targets the use of the backslash in alternate encoding. An
   attacker can provide a backslash as a leading character and causes a parser
   to believe that the next character is special. This is called an escape. By
   using that trick, the attacker tries to exploit alternate ways to encode the
   same character which leads to filter problems and opens avenues to attack.
 * Buffer Overflow via Environment Variables
   This attack pattern involves causing a buffer overflow through manipulation
   of environment variables. Once the attacker finds that they can modify an
   environment variable, they may try to overflow associated buffers. This
   attack leverages implicit trust often placed in environment variables.
 * Filter Failure through Buffer Overflow
   In this attack, the idea is to cause an active filter to fail by causing an
   oversized transaction. An attacker may try to feed overly long input strings
   to the program in an attempt to overwhelm the filter (by causing a buffer
   overflow) and hoping that the filter does not fail securely (i.e. the user
   input is let into the system unfiltered).
 * HTTP Response Smuggling
   An attacker injects content into a server response that is interpreted
   differently by intermediaries than it is by the target browser. To do this,
   it takes advantage of inconsistent or incorrect interpretations of the HTTP
   protocol by various applications. For example, it might use different block
   terminating characters (CR or LF alone), adding duplicate header fields that
   browsers interpret as belonging to separate responses, or other techniques.
   Consequences of this attack can include response-splitting, cross-site
   scripting, apparent defacement of targeted sites, cache poisoning, or similar
   actions.
 * Buffer Overflow via Parameter Expansion
   In this attack, the target software is given input that the attacker knows
   will be modified and expanded in size during processing. This attack relies
   on the target software failing to anticipate that the expanded data may
   exceed some internal limit, thereby creating a buffer overflow.
 * Poison Web Service Registry
   SOA and Web Services often use a registry to perform look up, get schema
   information, and metadata about services. A poisoned registry can redirect
   (think phishing for servers) the service requester to a malicious service
   provider, provide incorrect information in schema or metadata (to effect a
   denial of service), and delete information about service provider interfaces.
   WS-Addressing is used to virtualize services, provide return addresses and
   other routing information, however, unless the WS-Addressing headers are
   protected they are vulnerable to rewriting. The attacker that can rewrite
   WS-addressing information gains the ability to route service requesters to
   any service providers, and the ability to route service provider response to
   any service. Content in a registry is deployed by the service provider. The
   registry in an SOA or Web Services system can be accessed by the service
   requester via UDDI or other protocol. The basic flow for the attacker
   consists of either altering the data at rest in the registry or uploading
   malicious content by spoofing a service provider. The service requester is
   then redirected to send its requests and/or responses to services the
   attacker controls.
 * Argument Injection
   An attacker changes the behavior or state of a targeted application through
   injecting data or command syntax through the targets use of non-validated and
   non-filtered arguments of exposed services or methods.
 * URL Encoding
   This attack targets the encoding of the URL. An attacker can take advantage
   of the multiple way of encoding an URL and abuse the interpretation of the
   URL. An URL may contain special character that need special syntax handling
   in order to be interpreted. Special characters are represented using a
   percentage character followed by two digits representing the octet code of
   the original character (%HEX-CODE). For instance US-ASCII space character
   would be represented with %20. This is often referred as escaped ending or
   percent-encoding. Since the server decodes the URL from the requests, it may
   restrict the access to some URL paths by validating and filtering out the URL
   requests it received. An attacker will try to craft an URL with a sequence of
   special characters which once interpreted by the server will be equivalent to
   a forbidden URL. It can be difficult to protect against this attack since the
   URL can contain other format of encoding such as UTF-8 encoding,
   Unicode-encoding, etc. The attacker could also subvert the meaning of the URL
   string request by encoding the data being sent to the server through a GET
   request. For instance an attacker may subvert the meaning of parameters used
   in a SQL request and sent through the URL string (See Example section).
 * Using UTF-8 Encoding to Bypass Validation Logic
   This attack is a specific variation on leveraging alternate encodings to
   bypass validation logic. This attack leverages the possibility to encode
   potentially harmful input in UTF-8 and submit it to applications not
   expecting or effective at validating this encoding standard making input
   filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a
   variable-length character encoding for Unicode. Legal UTF-8 characters are
   one to four bytes long. However, early version of the UTF-8 specification got
   some entries wrong (in some cases it permitted overlong characters). UTF-8
   encoders are supposed to use the "shortest possible" encoding, but naive
   decoders may accept encodings that are longer than necessary. According to
   the RFC 3629, a particularly subtle form of this attack can be carried out
   against a parser which performs security-critical validity checks against the
   UTF-8 encoded form of its input, but interprets certain illegal octet
   sequences as characters.
 * Buffer Overflow in Local Command-Line Utilities
   This attack targets command-line utilities available in a number of shells.
   An attacker can leverage a vulnerability found in a command-line utility to
   escalate privilege to root.
 * SQL Injection
   This attack exploits target software that constructs SQL statements based on
   user input. An attacker crafts input strings so that when the target software
   constructs SQL statements based on the input, the resulting SQL statement
   performs actions other than those the application intended. SQL Injection
   results from failure of the application to appropriately validate input. When
   specially crafted user-controlled input consisting of SQL syntax is used
   without proper validation as part of SQL queries, it is possible to glean
   information from the database in ways not envisaged during application
   design. Depending upon the database and the design of the application, it may
   also be possible to leverage injection to have the database execute
   system-related commands of the attackers' choice. SQL Injection enables an
   attacker to talk directly to the database, thus bypassing the application
   completely. Successful injection can cause information disclosure as well as
   ability to add or modify data in the database. In order to successfully
   inject SQL and retrieve information from a database, an attacker:
 * Using Slashes in Alternate Encoding
   This attack targets the encoding of the Slash characters. An attacker would
   try to exploit common filtering problems related to the use of the slashes
   characters to gain access to resources on the target host. Directory-driven
   systems, such as file systems and databases, typically use the slash
   character to indicate traversal between directories or other container
   components. For murky historical reasons, PCs (and, as a result, Microsoft
   OSs) choose to use a backslash, whereas the UNIX world typically makes use of
   the forward slash. The schizophrenic result is that many MS-based systems are
   required to understand both forms of the slash. This gives the attacker many
   opportunities to discover and abuse a number of common filtering problems.
   The goal of this pattern is to discover server software that only applies
   filters to one version, but not the other.
 * Client-side Injection-induced Buffer Overflow
   This type of attack exploits a buffer overflow vulnerability in targeted
   client software through injection of malicious content from a custom-built
   hostile service.
 * Fuzzing
   In this attack pattern, the adversary leverages fuzzing to try to identify
   weaknesses in the system. Fuzzing is a software security and functionality
   testing method that feeds randomly constructed input to the system and looks
   for an indication that a failure in response to that input has occurred.
   Fuzzing treats the system as a black box and is totally free from any
   preconceptions or assumptions about the system. Fuzzing can help an attacker
   discover certain assumptions made about user input in the system. Fuzzing
   gives an attacker a quick way of potentially uncovering some of these
   assumptions despite not necessarily knowing anything about the internals of
   the system. These assumptions can then be turned against the system by
   specially crafting user input that may allow an attacker to achieve his
   goals.
 * MIME Conversion
   An attacker exploits a weakness in the MIME conversion routine to cause a
   buffer overflow and gain control over the mail server machine. The MIME
   system is designed to allow various different information formats to be
   interpreted and sent via e-mail. Attack points exist when data are converted
   to MIME compatible format and back.
 * Buffer Overflow via Symbolic Links
   This type of attack leverages the use of symbolic links to cause buffer
   overflows. An attacker can try to create or manipulate a symbolic link file
   such that its contents result in out of bounds data. When the target software
   processes the symbolic link file, it could potentially overflow internal
   buffers with insufficient bounds checking.
 * Server Side Include (SSI) Injection
   An attacker can use Server Side Include (SSI) Injection to send code to a web
   application that then gets executed by the web server. Doing so enables the
   attacker to achieve similar results to Cross Site Scripting, viz., arbitrary
   code execution and information disclosure, albeit on a more limited scale,
   since the SSI directives are nowhere near as powerful as a full-fledged
   scripting language. Nonetheless, the attacker can conveniently gain access to
   sensitive files, such as password files, and execute shell commands.
 * Command Line Execution through SQL Injection
   An attacker uses standard SQL injection methods to inject data into the
   command line for execution. This could be done directly through misuse of
   directives such as MSSQL_xp_cmdshell or indirectly through injection of data
   into the database that would be interpreted as shell commands. Sometime
   later, an unscrupulous backend application (or could be part of the
   functionality of the same application) fetches the injected data stored in
   the database and uses this data as command line arguments without performing
   proper validation. The malicious data escapes that data plane by spawning new
   commands to be executed on the host.
 * Double Encoding
   The adversary utilizes a repeating of the encoding process for a set of
   characters (that is, character encoding a character encoding of a character)
   to obfuscate the payload of a particular request. This may allow the
   adversary to bypass filters that attempt to detect illegal characters or
   strings, such as those that might be used in traversal or injection attacks.
   Filters may be able to catch illegal encoded strings, but may not catch
   doubly encoded strings. For example, a dot (.), often used in path traversal
   attacks and therefore often blocked by filters, could be URL encoded as %2E.
   However, many filters recognize this encoding and would still block the
   request. In a double encoding, the % in the above URL encoding would be
   encoded again as %25, resulting in %252E which some filters might not catch,
   but which could still be interpreted as a dot (.) by interpreters on the
   target.
 * Subverting Environment Variable Values
   The attacker directly or indirectly modifies environment variables used by or
   controlling the target software. The attacker's goal is to cause the target
   software to deviate from its expected operation in a manner that benefits the
   attacker.
 * Format String Injection
   An adversary includes formatting characters in a string input field on the
   target application. Most applications assume that users will provide static
   text and may respond unpredictably to the presence of formatting character.
   For example, in certain functions of the C programming languages such as
   printf, the formatting character %s will print the contents of a memory
   location expecting this location to identify a string and the formatting
   character %n prints the number of DWORD written in the memory. An adversary
   can use this to read or write to memory locations or files, or simply to
   manipulate the value of the resulting text in unexpected ways. Reading or
   writing memory may result in program crashes and writing memory could result
   in the execution of arbitrary code if the adversary can write to the program
   stack.
 * XML Injection
   An attacker utilizes crafted XML user-controllable input to probe, attack,
   and inject data into the XML database, using techniques similar to SQL
   injection. The user-controllable input can allow for unauthorized viewing of
   data, bypassing authentication or the front-end application for direct XML
   database access, and possibly altering database information.
 * Leverage Alternate Encoding
   An adversary leverages the possibility to encode potentially harmful input or
   content used by applications such that the applications are ineffective at
   validating this encoding standard.
 * Using Leading 'Ghost' Character Sequences to Bypass Input Filters
   Some APIs will strip certain leading characters from a string of parameters.
   An adversary can intentionally introduce leading "ghost" characters (extra
   characters that don't affect the validity of the request at the API layer)
   that enable the input to pass the filters and therefore process the
   adversary's input. This occurs when the targeted API will accept input data
   in several syntactic forms and interpret it in the equivalent semantic way,
   while the filter does not take into account the full spectrum of the
   syntactic forms acceptable to the targeted API.
 * Exploiting Multiple Input Interpretation Layers
   An attacker supplies the target software with input data that contains
   sequences of special characters designed to bypass input validation logic.
   This exploit relies on the target making multiples passes over the input data
   and processing a "layer" of special characters with each pass. In this
   manner, the attacker can disguise input that would otherwise be rejected as
   invalid by concealing it with layers of special/escape characters that are
   stripped off by subsequent processing steps. The goal is to first discover
   cases where the input validation layer executes before one or more parsing
   layers. That is, user input may go through the following logic in an
   application: <parser1> --> <input validator> --> <parser2>. In such cases,
   the attacker will need to provide input that will pass through the input
   validator, but after passing through parser2, will be converted into
   something that the input validator was supposed to stop.

Access

VectorComplexityAuthentication

Impact

ConfidentialityIntegrityAvailability

Last major update 28-10-2022 - 21:14 Published 19-09-2022 - 16:15 Last modified
28-10-2022 - 21:14

Back to Top