This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: GLPI 10.0.2 and earlier ship the htmLawed library's demo page, `htmLawedTest.php`, inside the web-reachable `vendor/` tree. The page accepts an `hhook` parameter naming a PHP function that htmLawed calls on the submitted text; with `hhook=exec` the text is passed to `exec()` and run as a shell command, so this is injection of an attacker-chosen PHP function call, not a bug in GLPI's own code.
**Consequences**: Unauthenticated attackers can execute arbitrary commands as the web server user, leading to full compromise of the instance.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: A development/test file of the bundled **htmlawed** module (`/vendor/htmlawed/htmlawed/htmLawedTest.php`) is deployed to production and exposed over HTTP; it takes the name of the hook function from the request without any allow-list.
**CWE**: Not specified in the data, but clearly an **injection** flaw: untrusted input selects the function to execute and supplies its argument.
**Privileges**: **Unauthenticated Remote Code Execution (RCE)**.
**Data**: Arbitrary commands run with the privileges of the PHP/web server process (e.g., `cat /etc/passwd`), which also gives access to the GLPI configuration and database credentials stored on disk.
**Impact**: Complete takeover of the affected instance without login.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**.
**Auth**: **None required** (unauthenticated).
**Config**: A single HTTP POST to the test endpoint is enough whenever the web server serves the `vendor/` directory, which is the case in typical installations. Easy to trigger.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp**: **YES**.
**PoCs**: Multiple GitHub repos (e.g., `0xGabe`, `Lzer0Kx01`) provide curl commands and scripts.
**Wild Exp**: Active scanning tools exist for batch detection.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Send a POST request to `/vendor/htmlawed/htmlawed/htmLawedTest.php` with `hhook=exec` and a harmless command in `text`; if the command's output appears in the response, the instance is exploitable. A 404 for the file is the expected result on a fixed instance. Note that the page echoes the submitted text back into the form, so check for the command's *output*, not for the command string itself.
**Scan**: Use the GitHub PoC scripts or the PacketStorm reports to identify vulnerable instances.
**No Patch?**: **Block Access**: Deny HTTP access to the whole `/vendor/` directory (not just the one file) via the WAF or the Nginx/Apache configuration, and serve only GLPI's public web root. Verify the block with the same POST used for the self-check.
**Disable**: If possible, delete `htmLawedTest.php` entirely; it is a demo page for the library and is not used by GLPI, so removing it has no functional impact.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **CRITICAL**.
**Priority**: **Immediate Action**. This is unauthenticated RCE with public PoCs and active scanning. Update to 10.0.3 or later, or apply the network restrictions above NOW, and review web server logs for POST requests to `htmLawedTest.php`.