{"id":"CVE-2023-48710","summary":"iTop limit pages/exec.php script to PHP files","details":"iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there are no sensitive files stored in that folder natively, but there could be from a third-party module.\nThe `pages/exec.php` script has been fixed to limit execution to PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.","aliases":["GHSA-g652-q7cc-7hfc"],"modified":"2026-05-28T03:54:47.470516864Z","published":"2024-04-15T17:47:51.113Z","database_specific":{"cwe_ids":["CWE-552"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48710.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48710.json"},{"type":"ADVISORY","url":"https://github.com/Combodo/iTop/security/advisories/GHSA-g652-q7cc-7hfc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48710"},{"type":"FIX","url":"https://github.com/Combodo/iTop/commit/3b2da39469f7a4636ed250ed0d33f4efff38be26"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/combodo/itop","events":[{"introduced":"9b409b117f4b5308678d6ab4f3e3ea6dc1fd58cd"},{"fixed":"be699b4358b253d34835f763316877a66e1ba072"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48710.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}