iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there are no sensitive files stored in that folder natively, but there could be some from a third-party module. The `pages/exec.php` script has been fixed to limit execution to PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.
History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-15T17:47:51.113Z

Updated: 2024-08-02T21:37:54.644Z

Reserved: 2023-11-17T19:43:37.555Z

Link: CVE-2023-48710

Vulnrichment

Updated: 2024-08-02T21:37:54.644Z

NVD

Status: Awaiting Analysis

Published: 2024-04-15T18:15:09.070

Modified: 2024-11-21T08:32:18.550

Link: CVE-2023-48710

Redhat

No data.