2 matches found
BIQS IT Biqs-drive v1.83 Local File Inclusion
A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...
CVE-2021-39433
BIQS IT Biqs-drive v1.83 and earlier is affected by a Local File Inclusion (LFI) vulnerability in the file parameter used by download/index.php, allowing an attacker to read arbitrary server files with web-user privileges. The issue is confirmed across multiple sources (CVE-2021-39433 entries and...