CVE-2022-45052

Опубликовано: 04 янв. 2023

Источник: nvd

CVSS3: 8.8

CVSS3: 6.5

EPSS Низкий

Описание

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.

Ссылки

https://csirt.divd.nl/CVE-2022-45052/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00064/
Third Party Advisory
https://csirt.divd.nl/CVE-2022-45052/
Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00064/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:axiell:iguana:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.5.02 (исключая)

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00346

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-552

Связанные уязвимости

GHSA-67q5-5xj6-vp4m

CVSS3: 6.5

github

около 3 лет назад

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server.

EPSS

Процентиль: 57%

0.00346

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-552