CVE-2023-29006 - Vulnerability Details - OpenCVE

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0069.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Glpi-project	Order

Configuration 1 [-]

OR	cpe:2.3:a:glpi-project:order::::::glpi::*
	cpe:2.3:a:glpi-project:order:2.10.0:::::glpi::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-32621	The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e
https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm

History

Mon, 10 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-05T17:53:03.041Z

Updated: 2025-02-10T15:23:39.714Z

Reserved: 2023-03-29T17:39:16.142Z

Link: CVE-2023-29006

Vulnrichment

Updated: 2024-08-02T14:00:14.398Z

NVD

Status : Modified

Published: 2023-04-05T18:15:08.657

Modified: 2024-11-21T07:56:22.780

Link: CVE-2023-29006

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29006", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-29T17:39:16.142Z", "datePublished": "2023-04-05T17:53:03.041Z", "dateUpdated": "2025-02-10T15:23:39.714Z"}, "containers": {"cna": {"title": "Order GLPI plugin vulnerable to remote code execution from authenticated user", "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"}, {"name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e", "tags": ["x_refsource_MISC"], "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"}], "affected": [{"vendor": "pluginsGLPI", "product": "order", "versions": [{"version": ">= 1.8.0, < 2.7.7", "status": "affected"}, {"version": ">= 2.10.0, < 2.10.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-05T17:53:03.041Z"}, "descriptions": [{"lang": "en", "value": "The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin."}], "source": {"advisory": "GHSA-xfx2-qx2r-3wwm", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:00:14.398Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"}, {"name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-10T15:23:31.220646Z", "id": "CVE-2023-29006", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T15:23:39.714Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm", "name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e", "name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:00:14.398Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-29006", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-10T15:23:31.220646Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T15:23:22.912Z"}}], "cna": {"title": "Order GLPI plugin vulnerable to remote code execution from authenticated user", "source": {"advisory": "GHSA-xfx2-qx2r-3wwm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pluginsGLPI", "product": "order", "versions": [{"status": "affected", "version": ">= 1.8.0, < 2.7.7"}, {"status": "affected", "version": ">= 2.10.0, < 2.10.1"}]}], "references": [{"url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm", "name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e", "name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-05T17:53:03.041Z"}}}, "cveMetadata": {"cveId": "CVE-2023-29006", "state": "PUBLISHED", "dateUpdated": "2025-02-10T15:23:39.714Z", "dateReserved": "2023-03-29T17:39:16.142Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-04-05T17:53:03.041Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:glpi-project:order:*:*:*:*:*:glpi:*:*", "matchCriteriaId": "09602A38-560F-4C72-8933-63F97DA318D9", "versionEndExcluding": "2.7.7", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:glpi-project:order:2.10.0:*:*:*:*:glpi:*:*", "matchCriteriaId": "88E31548-BD8B-46ED-8CD9-48F1E615369A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin."}], "id": "CVE-2023-29006", "lastModified": "2024-11-21T07:56:22.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-05T18:15:08.657", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Secondary"}]}