PT-2018-10022
Ayoub Arbah · Published 2018-05-02 · Updated 2019-10-03
CVE-2018-10642
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Combodo iTop version 2.4.1
Description
The issue allows remote authenticated administrators to execute arbitrary commands by modifying the platform configuration. It is caused by the function TestConfig() in web/env-production/itop-config/config.php, which calls the dangerous function eval().
Recommendations
For Combodo iTop version 2.4.1, consider disabling the TestConfig() function or restricting access to the configuration modification feature until a patch is available. As a temporary workaround, avoid using the eval() function in the config.php file to minimize the risk of exploitation.
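The eval()-based "test the configuration" pattern that the description names, beside a check that validates administrator-submitted configuration text without ever executing it, as an added illustration written for this advisory. It is not Combodo iTop's code and does not reproduce the real TestConfig(); the function names, the settings variable names ($MySettings, $MyModuleSettings), the constructed sample inputs, and a CLI php binary on PATH are all assumptions.

```php
<?php
// Added illustration for this advisory; not Combodo iTop's code and not the real TestConfig().
// Contrasts an eval()-based configuration test with a check that never runs the submitted text.
// The variable names $MySettings / $MyModuleSettings are assumed for the example.

// Risky pattern (constructed): the administrator-supplied configuration text is executed to see
// whether it "works". Any PHP statement in it runs with the web server's privileges, which is
// the impact CVE-2018-10642 describes.
function testConfigUnsafe(string $configText): bool
{
    eval('?>' . $configText);
    return true;
}

// Hardened check, step 1: tokenize the text and accept only the shape of a settings file, i.e.
// literal arrays assigned to known variables. Function calls, backticks, variable interpolation
// and every other construct are rejected, so nothing in the text can ever be executed.
function configTextIsDeclarative(string $configText, array $allowedVariables = ['$MySettings', '$MyModuleSettings']): bool
{
    $allowedTokenIds = [
        T_OPEN_TAG, T_CLOSE_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT,
        T_VARIABLE, T_ARRAY, T_DOUBLE_ARROW, T_CONSTANT_ENCAPSED_STRING,
        T_LNUMBER, T_DNUMBER, T_STRING,
    ];
    $allowedChars = ['=', '(', ')', '[', ']', ',', ';', '-'];
    $allowedWords = ['true', 'false', 'null']; // the only bare words a literal value needs

    foreach (token_get_all($configText) as $token) {
        if (is_string($token)) {                  // single-character tokens such as '(' or ';'
            if (!in_array($token, $allowedChars, true)) {
                return false;                     // e.g. '`', '$', '.', '{'
            }
            continue;
        }
        [$id, $text] = $token;
        if (!in_array($id, $allowedTokenIds, true)) {
            return false;                         // e.g. T_INLINE_HTML, T_OPEN_TAG_WITH_ECHO
        }
        if ($id === T_VARIABLE && !in_array($text, $allowedVariables, true)) {
            return false;                         // only the expected settings variables
        }
        if ($id === T_STRING && !in_array(strtolower($text), $allowedWords, true)) {
            return false;                         // any other identifier could name a function
        }
    }
    return true;
}

// Hardened check, step 2: confirm the text is syntactically valid PHP with the CLI linter.
// `php -l` compiles the file but never runs it. Assumes a CLI `php` binary on PATH; in an
// FPM deployment PHP_BINARY points at php-fpm, which has no -l switch.
function configTextCompiles(string $configText, string $phpCli = 'php'): bool
{
    $tmp = tempnam(sys_get_temp_dir(), 'cfgcheck');
    if ($tmp === false) {
        return false;
    }
    file_put_contents($tmp, $configText);
    $cmd = escapeshellcmd($phpCli) . ' -l ' . escapeshellarg($tmp) . ' 2>&1';
    exec($cmd, $output, $status);
    unlink($tmp);
    return $status === 0;
}

// Replacement for the eval()-based test: structural allowlist first, then a non-executing lint.
function testConfigSafe(string $configText): bool
{
    return configTextIsDeclarative($configText) && configTextCompiles($configText);
}

// Constructed inputs: a benign settings file and one that smuggles a function call into a value.
$benign  = "<?php\n\$MySettings = array('app_name' => 'iTop', 'debug' => false, 'timeout' => 30);\n";
$hostile = "<?php\n\$MySettings = array('hook' => system('id'));\n";

// One bool per input; the hostile text is stopped at the tokenizer step, before any lint or eval.
var_dump(testConfigSafe($benign), testConfigSafe($hostile));
```

The tokenizer allowlist is the part that actually removes the code-execution path: it decides from token identities alone, so a value can be a string, number, boolean, null or nested array and nothing else. The lint step only adds a syntax check and is safe to run because `php -l` never executes the file. Restricting the configuration editor to administrators, as the recommendation suggests, limits who can reach the feature but does not change what eval() does with the text, which is why the eval() call itself is what has to go.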
Weakness Enumeration
Code Injection
Affected Products
Alt Linux
Itop