CVE-2023-48710— iTop limit pages/exec.php script to PHP files
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-48710
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iTop limit pages/exec.php script to PHP files
Source: NVD (National Vulnerability Database)
Vulnerability Description
iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对外部实体的文件或目录可访问
Source: NVD (National Vulnerability Database)
Vulnerability Title
iTop 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
iTop是一个提供优化 iTop 所需的所有资源的平台。 iTop 2.7.10, 3.0.4, 3.1.1 和 3.2.0 版本存在安全漏洞,该漏洞源于可以检索 env-production 文件夹中的文件,即使它们的访问权限应受到限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2023-48710
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-48710
请登录查看更多情报信息。
- https://github.com/Combodo/iTop/security/advisories/GHSA-g652-q7cc-7hfcx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-48710
Same Patch Batch · Combodo · 2024-04-15 · 9 CVEs total
| CVE-2023-47622 | 8.8 HIGH | iTop vulnerable to XSS vulnerability in dashlet refresh |
| CVE-2023-47626 | 8.8 HIGH | iTop vulnerable to XSS vulnerability in authent-token |
| CVE-2023-47123 | 8.7 HIGH | iTop vulnerable to XSS vulnerability in n:n relations "tagset" widget |
| CVE-2023-48709 | 8.0 HIGH | iTop vulnerable to potential formula injection in Excel/CSV export file |
| CVE-2023-44396 | 6.8 MEDIUM | iTop vulnerable to XSS in dashlet modifications ajax endpoints |
| CVE-2023-43790 | 5.7 MEDIUM | iTop vulnerable to XSS in friendlyname in object details |
| CVE-2023-38511 | 5.0 MEDIUM | iTop Dashboard editor vulnerable dashboard config file parameter |
| CVE-2023-45808 | 4.1 MEDIUM | iTop missing silo check on extkey in console and portal |
IV. Related Vulnerabilities
Same product: iTop
- CVE-2025-64167
Combodo iTop vulnerable to reflected XSS in webservices/expo - CVE-2025-49145
iTop admin can drop iTop database using webhooks - CVE-2025-48878
Combodo iTop vulnerable to IDOR with ModuleInstallation obje - CVE-2025-48065
Combodo iTop vulnerable to reflected XSS via objection editi - CVE-2025-48055
Combodo iTop has stored XSS in user portal's browse brick
Same vendor: Combodo
- CVE-2025-64167
Combodo iTop vulnerable to reflected XSS in webservices/expo - CVE-2025-49145
iTop admin can drop iTop database using webhooks - CVE-2025-48878
Combodo iTop vulnerable to IDOR with ModuleInstallation obje - CVE-2025-48065
Combodo iTop vulnerable to reflected XSS via objection editi - CVE-2025-48055
Combodo iTop has stored XSS in user portal's browse brick
Same weakness: CWE-552
- CVE-2025-7389
Unauthorized Arbitrary File Read via RMI in AdminServer Inte - CVE-2019-25709
CF Image Hosting Script 1.6.5 Unauthorized Database Access - CVE-2026-33698
Chamilo LMS affected by unauthenticated RCE in main/install - CVE-2021-47960
Synology SSL VPN Client 安全漏洞 - CVE-2026-35446
LORIS has a path traversal in FilesDownloadHandler
V. Comments for CVE-2023-48710
No comments yet