iTop (ITSM & CMDB) is a complete open-source, ITIL, web-based service management tool including a fully customizable CMDB, a helpdesk system and a document management tool. It is developed by Combodo and hosted on GitHub.

We found a bypass to the CSRF function, which could be used to create a new administrator account or execute code remotely through a variation of the CVE-2018-10642 vulnerability (when an administrator account is targeted).