Description
When using the Addressing (IP Addressing) plugin report and changing the number of displayed records (e.g. 250), the request is blocked by Bitdefender Endpoint Security Tools, which detects a Command Injection attempt.
I searched both open and closed issues and did not find any report matching this behavior.
Steps to Reproduce
- Open GLPI with the Addressing plugin enabled
- Go to Addressing → Report
- Apply any filter
- Change the number of displayed records (e.g. 250)
- The request is blocked by the endpoint security agent
Observed Behavior
Bitdefender blocks the page with the following message:
Module: Network Attack Defense
Reason: Exploit.CommandInjection.Gen.43
Blocked request example:
/plugins/addressing/front/addressing.form.php
?id=1&ping_on=1&ping_off=1&filter=0
&seeallotedip=1&seedoubleip=1
&seereservedip=1&seefreeip=1
&start=0
Expected Behavior
The report filtering and pagination should work normally without triggering endpoint security software.
Security Context
There is an existing security advisory that may be related:
This may indicate:
- Remaining vulnerable code path
- Insufficient input validation/sanitization
- Or a false positive caused by query parameters
Environment
GLPI
- Version: 11.0.0
- Installation mode: Tarball
- Language: pt_BR
Server
- OS: Debian GNU/Linux 10 (5.10)
- Web server: Apache
- PHP: 8.2.29
Addressing plugin
- Version: 3.1.1
- Install method: Marketplace
- State: Enabled
Additional Notes
- Reproducible with any record quantity
- Happens only on this report page
- Other GLPI pages work as expected
Questions
- Is this a known issue or already fixed in a newer plugin version?
- Is there any recommended mitigation?
- Should this be reported as a security issue instead?