Combodo · iTop · CVE-2018-10642
**Name of the Vulnerable Software and Affected Versions**
Combodo iTop version 2.4.1
**Description**
The issue allows remote authenticated administrators to execute arbitrary commands by modifying the platform configuration. The cause is the `TestConfig()` function in `web/env-production/itop-config/config.php`, which calls the dangerous `eval()` function.
**Recommendations**
For Combodo iTop version 2.4.1, consider disabling the `TestConfig()` function or restricting access to the configuration modification feature until a patch is available. As a temporary workaround, avoid using the `eval()` function in the config.php file to minimize the risk of exploitation.
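One way to follow the "avoid `eval()`" workaround is sketched below. It is an added example, not Combodo's code or its patch, and it assumes the configuration test only needs to confirm that the submitted text is syntactically valid PHP. The function name `checkConfigSyntax()` and the sample inputs are hypothetical; the code needs PHP 7.1+ with the tokenizer extension.

```php
<?php
// Added example: hypothetical replacement for an eval()-based configuration test.
// Assumption: the test only has to confirm the submitted text is valid PHP.

/**
 * Check the PHP syntax of a submitted configuration without executing it.
 * Returns null when the text parses, or an error message otherwise.
 */
function checkConfigSyntax(string $contents): ?string
{
    // Without an opening tag the tokenizer treats everything as inline HTML
    // and never reports an error, so add one when it is missing.
    $hasTag = preg_match('/^\s*<\?php/i', $contents) === 1;
    $code = $hasTag ? $contents : "<?php\n" . $contents;
    $lineOffset = $hasTag ? 0 : 1;

    try {
        // TOKEN_PARSE runs the parser only; no statement is evaluated.
        token_get_all($code, TOKEN_PARSE);
        return null;
    } catch (ParseError $e) {
        return sprintf('line %d: %s', $e->getLine() - $lineOffset, $e->getMessage());
    }
}

// Constructed sample inputs, not taken from a real iTop configuration.
$samples = [
    'valid'    => '<?php $Settings = array("example_setting" => "value");',
    'broken'   => '<?php $Settings = array("example_setting" => "value";',
    // Parsed but never run: "executed" is not printed, unlike with eval().
    'has code' => '<?php echo "executed";',
];

foreach ($samples as $name => $text) {
    $error = checkConfigSyntax($text);
    echo $name, ': ', $error === null ? 'syntax OK (not executed)' : $error, "\n";
}
```

This removes code execution from the test step only; who may change the configuration still has to be restricted as recommended above.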