Vulnerabilities > CVE-2021-39433 - Unspecified vulnerability in Biqs Biqsdrive 1.83

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

biqs

NVD

Published: 2021-10-04

Updated: 2021-10-12

Summary

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.

Vulnerable Configurations

Part	Description	Count
Application	Biqs Biqs Biqsdrive - Biqs Biqsdrive 1.83	2

References

https://biqs-drive.be/
https://github.com/PinkDraconian/CVE-2021-39433/blob/main/README.md