PT-2022-23020 · Glpi+2 · Glpi+2

Mayfly

·

Published

2016-08-25

·

Updated

2026-06-03

·

CVE-2022-35914

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GLPI versions through 10.0.2
Description The issue allows PHP code injection in the htmlawed module, specifically through the /vendor/htmlawed/htmlawed/htmLawedTest.php file.
Recommendations For GLPI versions through 10.0.2, update to a version that contains a fix for this issue to prevent PHP code injection.

Exploit

Fix

Special Elements Injection

Code Injection

Weakness Enumeration

CWE-74CWE-94

Related Identifiers

ALT-PU-2016-1892
ALT-PU-2020-3130
ALT-PU-2020-3162
ALT-PU-2020-3557
ALT-PU-2020-3558
ALT-PU-2021-1583
ALT-PU-2021-1660
ALT-PU-2021-1793
ALT-PU-2021-1910
ALT-PU-2021-3030
ALT-PU-2021-3038
ALT-PU-2021-3059
ALT-PU-2022-1463
ALT-PU-2022-1514
ALT-PU-2022-1526
ALT-PU-2022-1914
ALT-PU-2022-2177
ALT-PU-2022-2221
ALT-PU-2022-2291
ALT-PU-2022-2614
ALT-PU-2022-2624
ALT-PU-2022-2665
ALT-PU-2022-3008
ALT-PU-2022-3078
ALT-PU-2022-3274
ALT-PU-2023-1471
ALT-PU-2023-1490
ALT-PU-2023-1537
ALT-PU-2023-1801
ALT-PU-2023-1932
ALT-PU-2023-2081
ALT-PU-2023-4552
ALT-PU-2023-5122
ALT-PU-2023-6186
ALT-PU-2023-7633
ALT-PU-2023-8061
ALT-PU-2023-8087
ALT-PU-2024-2541
ALT-PU-2024-2543
ALT-PU-2024-4487
ALT-PU-2024-4750
ALT-PU-2024-7181
ALT-PU-2024-7305
ALT-PU-2024-8030
ALT-PU-2024-8094
BDU:2025-03383
CVE-2022-35914

Affected Products

Alt Linux
Glpi
Red Os