Lucene search

[email protected]CVE-2022-32409

HistoryJul 14, 2022 - 10:15 p.m.

CVE-2022-32409

2022-07-1422:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-32409

lfi

vulnerability

codemirror.php

portal do software publico brasileiro

i3geo v7.0.5

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.473 Medium

EPSS

Percentile

97.5%

JSON

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.

Affected configurations

NVD

Node

softwarepublicoi3geoMatch7.0.5

CPENameOperatorVersion
softwarepublico:i3geosoftwarepublico i3geoeq7.0.5

CPE	Name	Operator	Version
softwarepublico:i3geo	softwarepublico i3geo	eq	7.0.5

References

github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt

owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.473 Medium

EPSS

Percentile

97.5%

JSON

Related for CVE-2022-32409

prion1 cvelist1 nuclei1 nvd1