
CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS

CVE: CVE-2022-45052
Discovered by: Amr Al Hallak
Credits
Affected products
Product Affected Unaffected Unknown
Axiell Iguana on Windows, Linux >= semver 4 to < 4.5.02
everything else
Page author: Max van der Horst
CVSS Base score: 9.8 (MEDIUM)
References: https://csirt.divd.nl/CVE-2022-45052/
Problem type(s): CWE-552 Files or Directories Accessible to External Parties
Solution(s): Upgrade to the latest version of Iguana CMS.
Last modified: 04 Jan 2023 16:28

Description

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input in the url parameter of the imageProxy.type.php endpoint, external users can access files on the server.

