CVE-2022-35914

This exploit leverages a Remote Code Execution (RCE) vulnerability in htmlLawed <= 1.2.5 by sending a crafted POST request with a command embedded in the 'text' parameter. The response is parsed to extract the command output.

This repository contains a functional Python exploit for CVE-2022-35914, which targets a command injection vulnerability in GLPI via a third-party library script. The exploit automates the process of checking for vulnerability and executing arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2022-35914, a command injection vulnerability in GLPI via a third-party library script. The exploit sends crafted POST requests to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2022-35914, a command injection vulnerability in GLPI's htmLawedTest.php. The exploit leverages the `call_user_func`, `array_map`, and `passthru` functions to execute arbitrary commands on the target system.

The repository contains a functional exploit for CVE-2022-35914, demonstrating unauthenticated remote code execution (RCE) in GLPI 10.0.2 via a crafted HTTP request to the htmLawedTest.php endpoint. The exploit leverages the 'hhook' parameter to execute arbitrary commands (e.g., 'cat /etc/passwd') without authentication.

This repository contains a functional exploit for CVE-2022-35914, which targets a command injection vulnerability in the htmLawedTest.php file. The exploit sends a crafted POST request with a command payload and parses the response to confirm successful execution.

This repository contains a functional exploit for CVE-2022-35914, a command injection vulnerability in GLPI via the htmLawedTest.php script. The exploit sends crafted HTTP requests to execute arbitrary commands on the target system.

This repository contains a functional Ruby exploit for CVE-2022-35914, which targets an RCE vulnerability in GLPI. The exploit sends crafted POST requests to a vulnerable endpoint, allowing command execution via the 'hhook' parameter set to 'exec'.

The repository contains a functional exploit tool for multiple GLPI vulnerabilities, including CVE-2022-35914. It includes Docker support, detailed usage instructions, and exploit implementations for various CVEs.

This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below via the htmLawed test page. It retrieves a token and session ID, then executes arbitrary commands through a POST request.