CVE-2022-35914

CRITICAL 9.8

⚠️ CISA KEV

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.

Vendor	n/a
Product	n/a
Published	Sep 19, 2022
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for n/a n/a

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2022-35914.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bioinformatics.org: http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed github.com: https://github.com/glpi-project/glpi/releases glpi-project.org: https://glpi-project.org/fr/glpi-10-0-3-disponible/ packetstormsecurity.com: http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html github.com: https://github.com/Orange-Cyberdefense/CVE-repository/ github.com: https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_2022-35914.sh mayfly277.github.io: https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-35914