Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-32409

Published: 14/07/2022 Updated: 08/08/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Softwarepublico

Vulnerability Summary

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows malicious users to execute arbitrary PHP code via a crafted HTTP request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

softwarepublico i3geo 7.0.5

Github Repositories

https://github.com/wagnerdracha/ProofOfConcept

Este repositório é destinado a publicação de POC encontradas.

ProofOfConcept Este repositório é destinado a publicação de POC encontradas #POCs CVE-2022-32409 - i3geo - LFI (Local File Inclusion) - codemirrorphp CVE-2022-34092 - i3geo - XSS (Cross Site Scripting) or HTML Injection - svg2imgphp CVE-2022-34093 - i3geo - XSS (Cross Site Scripting) or HTML Injection - access_tokenphp CVE-2022

References

CWE-22https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txthttps://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusionhttps://nvd.nist.govhttps://github.com/wagnerdracha/ProofOfConcept
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook