CVE-2022-45052

EPSS 0.26%
Veröffentlicht 04.01.2023 19:15:09
Zuletzt bearbeitet 21.11.2024 07:28:41
Quelle csirt@divd.nl
CVE-Watchlists
Login
Unerledigt
Login

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axiell ≫ Iguana Version >= 4.0.0 < 4.5.02

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.496

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
csirt@divd.nl	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://csirt.divd.nl/DIVD-2022-00064/

Third Party Advisory

https://csirt.divd.nl/CVE-2022-45052/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45052

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45052

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45052

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-45052