Vulnerability Details : CVE-2022-45052
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.
Published
2023-01-04 19:15:09
Updated
2024-10-16 12:15:05
Vulnerability category: File inclusion
Products affected by CVE-2022-45052
- cpe:2.3:a:axiell:iguana:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45052
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-45052
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Dutch Institute for Vulnerability Disclosure | 2024-10-16 |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Dutch Institute for Vulnerability Disclosure | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-45052
-
The product makes files or directories accessible to unauthorized actors, even though they should not be.Assigned by:
- csirt@divd.nl (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-45052
-
https://csirt.divd.nl/DIVD-2022-00064/
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS | DIVD CSIRTThird Party Advisory
-
https://csirt.divd.nl/CVE-2022-45052/
Local File Inclusion in Axiell Iguana CMS | DIVD CSIRTThird Party Advisory
Jump to