Team,

#Date: 04/12/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Arbitrary File Upload
#Tested on: Windows 8.1
#Product: iTop
#Version: 2.2.0

#Description: iTop 2.2.0 is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the web server process; other attacks are also possible.

Notified Vendor: November 04, 2015
No Response from Vendor as on date
Public Disclosure: December 04, 2015

Reference: http://sourceforge.net/p/itop/tickets/1168/

Thanks,
Joel V