CVE-2021-40651 Scanner
Detects the Local File Inclusion (LFI) vulnerability affecting OS4Ed OpenSIS Community v. 8.0.
Short Info
- Level: Medium
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 1 month 2 days
- Scan only one: Domain, IPv4, Subdomain
- Toolbox: -
Vulnerability Overview
The issue exists due to improper handling of the modname parameter in Modules.php. By manipulating the parameter with directory traversal sequences, an attacker can include and execute arbitrary files from the server's filesystem.
Vulnerability Details
Exploiting the vulnerability involves crafting a malicious request to Modules.php with a modified modname parameter that includes directory traversal characters (../). This can lead to unauthorized access to sensitive files like /etc/passwd, providing attackers with valuable system information and potentially facilitating further attacks.
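Asset owners can look for this request pattern in their own web server access logs. The Python sketch below is an added example, not code from the scanner or from OpenSIS; it assumes combined-format access logs, and the function names, the sample log lines and the benign modname value are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request part of a combined-format access log line: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by a slash, a backslash, or the string boundary.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_modname(log_line):
    """Return the decoded modname if a Modules.php request carries traversal, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/modules.php"):
        return None
    # parse_qsl performs the first round of percent-decoding.
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key == "modname":
            decoded = fully_decode(value)
            if TRAVERSAL_RE.search(decoded):
                return decoded
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /Modules.php?modname=students/Student.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /Modules.php?modname=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /Modules.php?modname=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?modname=../x HTTP/1.1" 404 210',
]

def scan(lines):
    """Return (line number, decoded modname) for every flagged log line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := suspicious_modname(line))]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE_LOG):
        print(f"line {n}: traversal in modname -> {hit}")
```

Access logs record only the request line, so a modname value sent in a POST body is not visible to this check.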
Possible Effects
Exploitation of this LFI vulnerability could result in:
- Disclosure of sensitive files and data stored on the server.
- Gaining insights into system configuration and installed software for further targeted attacks.
Why Choose S4E
At S4E, we are committed to providing top-notch vulnerability scanning solutions tailored to detect and mitigate threats like CVE-2021-40651 efficiently. By joining our platform, you gain access to:
- Comprehensive vulnerability scanning tools.
- Expert guidance for remediation strategies.
- Continuous updates on emerging security threats.
Our platform empowers you to strengthen your cybersecurity posture effectively and proactively defend against evolving cyber threats.