CVE-2022-45052
CVSS V2 None
CVSS V3 None
Description
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.
Overview
- CVE ID
- CVE-2022-45052
- Assigner
- csirt@divd.nl
- Vulnerability Status
- Analyzed
- Published Version
- 2023-01-04T19:15:09
- Last Modified Date
- 2023-01-11T03:08:43
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:axiell:iguana:*:*:*:*:*:*:*:* | 1 | OR | 4.0.0 | 4.5.02 |
| cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://csirt.divd.nl/CVE-2022-45052/ | |
| https://csirt.divd.nl/DIVD-2022-00064/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-45052 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45052 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-01-04 20:15:16 | Added to TrackCVE | |||
| 2023-01-04 20:15:17 | Weakness Enumeration | new | ||
| 2023-01-06 16:20:23 | 2023-01-06T16:15:12 | CVE Modified Date | updated | |
| 2023-01-06 16:20:25 | A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server. | A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. | Description | updated |
| 2023-01-06 16:20:26 | References | updated | ||
| 2023-01-09 04:26:09 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2023-01-09 05:19:34 | Undergoing Analysis | Awaiting Analysis | Vulnerability Status | updated |
| 2023-01-09 16:19:01 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2023-01-11 03:18:30 | 2023-01-11T03:08:43 | CVE Modified Date | updated | |
| 2023-01-11 03:18:30 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2023-01-11 03:18:32 | CPE Information | updated |