Impact
There is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path.
Patches
Fixed in 2.7.4 and 3.0.0
References
Combodo ref N°3412
Credits
Many thanks to Markus Wulftange / Code White GmbH for this report !
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com
Impact
There is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path.
Patches
Fixed in 2.7.4 and 3.0.0
References
Combodo ref N°3412
Credits
Many thanks to Markus Wulftange / Code White GmbH for this report !
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com