Important: Multiple Security updates for NetEye 4
Security Advisory: Critical
Wuerth Phoenix has released some Critical Patches (CPs) for NetEye 4. These CPs resolve multiple vulnerabilities related to SQL injections, Cross Site Scripting and an unauthenticated remote command execution (RCE) exploit.
GLPI was affected by:
Remove /usr/share/glpi/vendor/htmlawed/htmlawed/htmLawedTest.php
file from the filesystem on all NetEye nodes. This will prevent unauthenticated attackers to compromise your NetEye installation.
For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section inside the User Guide.
All NetEye 4.x versions prior to and including 4.26.