Vulnerabilities > CVE-2022-45052 - Files or Directories Accessible to External Parties vulnerability in Axiell Iguana 4.0.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

axiell

CWE-552

NVD

Published: 2023-01-04

Updated: 2024-01-02

Summary

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.

Vulnerable Configurations

Part	Description	Count
Application	Axiell Axiell Iguana 4.0.0	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://csirt.divd.nl/CVE-2022-45052/
https://csirt.divd.nl/DIVD-2022-00064/