5
CVSSv2

CVE-2021-39433

Published: 04/10/2021 Updated: 12/10/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the malicious user to read arbitrary files from the server with the permissions of the configured web-user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

biqs biqsdrive

Github Repositories

BIQS IT Biqs-drive v1.83

CVE-2021-39433 A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v183 and below when sending a specific payload as the file parameter to download/indexphp This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user curl TARGET/download/indexphp?file=/////////etc/pas

essential templates for kenzer [DEPRECATED]

Kenzer Templates [5170] [DEPRECATED] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2013-2251 freaker freaker/exploits/CVE-2013-2251/exploitsh CVE-2017-6360 freaker freaker/exploits/CVE-2017-6360/exploitsh CVE-2017-6361 freaker freaker/exploits/CVE-2017-6361/exploitsh CVE-2017-7921 freaker freaker/exploits/CVE-2017-7921/exploitsh CVE-2018-11784 f