Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories |
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCD
Published: 2022-06-13T16:11:55.489250Z
Updated: 2024-09-16T19:46:32.481Z
Reserved: 2022-01-11T00:00:00
Link: CVE-2022-23167
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-06-13T17:15:09.653
Modified: 2022-06-27T17:10:38.437
Link: CVE-2022-23167
Redhat
No data.