CVE-2022-41216

Cloudflow - Local File Inclusion Vulnerability

CVE CVE-2022-41216
Title Cloudflow - Local File Inclusion Vulnerability
Credits
  • Discovered by Witold Gorecki (finder)
  • Victor Pasman (DIVD) (analyst)
Affected products
Product Affected Unaffected Unknown
Hybrid Software Cloudflow on Windows, MacOS, Linux >= < 2.3.1 to < 2.3.1 (2.x.y)
everything else
CVSS Base score: 8.3 (HIGH)
References
Problem type(s) CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Impact(s) CAPEC-252 PHP Local File Inclusion
Date published
Last modified 11 Jun 2023 13:17 UTC

Description

Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system.

Solution(s)

Upgrade to version 2.3.2 of Cloudflow

JSON version.