iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module.
The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-15T17:47:51.113Z
Updated: 2024-08-02T21:37:54.644Z
Reserved: 2023-11-17T19:43:37.555Z
Link: CVE-2023-48710
Vulnrichment
Updated: 2024-08-02T21:37:54.644Z
NVD
Status : Awaiting Analysis
Published: 2024-04-15T18:15:09.070
Modified: 2024-11-21T08:32:18.550
Link: CVE-2023-48710
Redhat
No data.