GLPI - RCE (CVE-2022-35914)
8537Exploiting IPs reported
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
CrowdSec analysis
CVE-2022-35914 is a vulnerability in the htmLawed module for GLPI that enables PHP code injection through direct access to a test script within the application’s vendor directory.
CrowdSec has been tracking this vulnerability and its exploits since 7th of October 2022.
CrowdSec network data shows that most actors exploiting CVE-2022-35914 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2022-35914 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2022-35914 is currently experiencing high visibility and active exploitation across the internet.
Observed exploitation attempts focus on requests to URLs containing /vendor/htmlawed/htmlawed/htmLawedTest.php.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.