CVE-2024-52002

HIGH

Combodo iTop - CSRF

Title source: llm

Description

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploits (1)

nomisec WORKING POC

by Harshit-Mashru · poc

https://github.com/Harshit-Mashru/iTop-CVEs-exploit

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://github.com/Combodo/iTop/security/advisories/GHSA-xr4x-xq7v-7gqm

Scores

CVSS v3 8.8

EPSS 0.0699

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

combodo/itop < 3.2.0

Published Nov 08, 2024

Tracked Since Feb 18, 2026