CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS
CVE | CVE-2022-45052
Discovered by |
Credits |
Affected products |
Page author | Max van der Horst
CVSS | Base score: 9.8 (MEDIUM)
References | https://csirt.divd.nl/CVE-2022-45052/
Problem type(s) | CWE-552 Files or Directories Accessible to External Parties
Solution(s) | Upgrade to the latest version of Iguana CMS.
Last modified | 04 Jan 2023 16:28
Description
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input in the url parameter of the imageProxy.type.php endpoint, external users can access files on the server.
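A log triage check for the endpoint and parameter named above, added here as an example; it is not part of the advisory or of Axiell's code. It assumes combined-format web access logs and that a legitimate proxy request carries an absolute http(s) URL; the log lines and the request path prefix are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "imageProxy.type.php"  # endpoint named in the advisory
PARAM = "url"                     # parameter named in the advisory
# Assumption: legitimate requests pass an absolute http(s) image URL.
ALLOWED_SCHEMES = {"http", "https"}
REASON = "url parameter is not an absolute http(s) URL"
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jan/2023:10:00:01 +0000] "GET /placeholder/imageProxy.type.php?url=https%3A%2F%2Fimages.example.org%2Fcover.jpg HTTP/1.1" 200 5120',
    '198.51.100.9 - - [04/Jan/2023:10:00:05 +0000] "GET /placeholder/imageProxy.type.php?url=local%2Fpath%2Fplaceholder.txt HTTP/1.1" 200 812',
    '198.51.100.9 - - [04/Jan/2023:10:00:09 +0000] "GET /placeholder/index.php?url=local%2Fpath HTTP/1.1" 200 300',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so repeated encoding cannot hide the value."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def is_suspicious(target):
    """Return REASON if the request target needs review, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        try:
            ref = urlsplit(fully_decode(raw).strip())
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            return REASON
        if ref.scheme.lower() not in ALLOWED_SCHEMES or not ref.netloc:
            return REASON
    return None

def scan(lines):
    """Return (client_ip, status, reason) for each log line that needs review."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        reason = is_suspicious(m.group("target")) if m else None
        if reason:
            hits.append((m.group("ip"), m.group("status"), reason))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Hits that returned status 200 before the upgrade was applied are the ones to review first, since the response may have contained file contents.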