S4E

CVE-2021-46107 Scanner

Detects a Server-Side Request Forgery (SSRF) vulnerability in Ligeo Archives Ligeo Basics as of 02_01-2022 that allows unauthorized document access.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 2088 sec
Scan only one: Domain, IPv4
Toolbox: -

Ligeo Archives Ligeo Basics is a comprehensive archival management software designed for organizing, preserving, and accessing digital archives. This platform is utilized by libraries, museums, and archival institutions to manage their collections digitally. It offers features for cataloging, search, and retrieval of documents, making it an essential tool for historians, researchers, and archivists. The software aims to simplify the archival process while ensuring the accessibility and preservation of historical documents and artifacts.

The vulnerability is present in the document download functionality, where an attacker can manipulate the file parameter to request internal files or interact with internal services. Specifically, the software does not adequately validate or sanitize the input for the file parameter in the download request, allowing for external URLs or file paths to be specified. This can lead to the disclosure of sensitive system files, such as /etc/passwd, or interaction with internal network services through crafted URLs.
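
As an added illustration (not code from Ligeo or from the scanner), this is one way a download handler could validate the file parameter so that only paths relative to the document store are served. ARCHIVE_ROOT, resolve_download, RejectedFileParam and the sample values are assumptions made for this example.

```python
import os
from urllib.parse import unquote, urlsplit

ARCHIVE_ROOT = "/srv/archives/documents"  # assumed storage root (hypothetical)


class RejectedFileParam(ValueError):
    """The 'file' value is not a plain path relative to the archive root."""


def resolve_download(file_param, root=ARCHIVE_ROOT):
    """Return the absolute path for file_param inside root, or raise."""
    # Decode until stable so encoded separators are judged in final form.
    value = file_param
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise RejectedFileParam("excessive percent-encoding")
    if "\x00" in value or "\\" in value:
        raise RejectedFileParam("illegal character")
    # A download parameter names a stored document; it is never a URL.
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        raise RejectedFileParam("URLs are not accepted")
    if os.path.isabs(value):
        raise RejectedFileParam("absolute paths are not accepted")
    # Resolve symlinks and '..' first, then confirm containment.
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, value))
    if candidate == root_real or os.path.commonpath([root_real, candidate]) != root_real:
        raise RejectedFileParam("path escapes the archive root")
    return candidate


# Constructed sample values for illustration, not captured traffic.
SAMPLES = ["fonds/1890/register.pdf", "/etc/passwd", "file:///etc/passwd",
           "http://intranet.example/status", "%2e%2e/%2e%2e/etc/passwd"]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print("ALLOW", resolve_download(sample))
        except RejectedFileParam as exc:
            print("DENY ", repr(sample), "-", exc)
```

The containment check runs after symlink and `..` resolution, so a value that looks relative but resolves outside the root is still rejected.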

Exploitation of this SSRF vulnerability can lead to significant security breaches, including unauthorized access to sensitive documents, data leaks, and potential internal network reconnaissance. Attackers could exploit this flaw to gain insights into internal systems, extract confidential information, or even perform actions on behalf of the server, posing a critical risk to the security and privacy of the archival data.

By leveraging the security scanning capabilities of S4E, users can detect and address vulnerabilities like SSRF in Ligeo Archives Ligeo Basics. Our platform provides in-depth vulnerability assessments, detailed reports, and practical remediation guidance, helping institutions protect their digital archives against cyber threats. Membership offers continuous monitoring, expert support, and the assurance that your digital assets are safeguarded against emerging vulnerabilities, enhancing your cybersecurity posture.

 
