Vulnerability feed

Vulnerability

CVE-2022-35914

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-35914
Description:: /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
Last updated date:: 03/12/2025

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 10/03/2022
Reference url to background: https://glpi-project.org/security-update-10-0-3-and-9-5-9/

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/07/2023
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/30/2022
Reference url to background: https://github.com/cactuschibre/CVE-2022-35914-poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/30/2022
Reference url to background: https://github.com/cosad3s/CVE-2022-35914-poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/24/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/glpi_htmlawed_php_injection.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/28/2022
Reference url to background: http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/12/2025
Reference url to background: https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_2022-35914.sh

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/12/2025
Reference url to background: https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |