CVE-2023-47489

Name of the Vulnerable Software and Affected Versions Combodo iTop version 3.1.0-2-11973

Description The issue is related to a CSV injection in the export as CSV feature, allowing a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. This is also associated with a buffer copy without checking the size of the input data, which can be exploited to execute arbitrary code.

Recommendations For version 3.1.0-2-11973, consider disabling the export as CSV feature or restricting access to the export-v2.php and ajax.render.php components until a patch is available. As a temporary workaround, avoid using the export as CSV feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.