← volver
CVE-2021-47795

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

CVSS 8.7 HIGHEPSS 0.9%CWE-22
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Geovision · GeoVision Geowebserver

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/50211https://www.geovision.com.tw/cyber_security.phphttps://www.vulncheck.com/advisories/geovision-geowebserver-local-file-inclusion