S4E

CVE-2022-32409 Scanner

Detects 'Local File Inclusion (LFI)' vulnerability in Portal do Software Publico Brasileiro i3geo affects v. 7.0.5.

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 second

Time Interval

4 week

Scan only one

Url

Toolbox

-

Portal do Software Publico Brasileiro i3geo v7.0.5 is a free and open-source software developed by the Brazilian Government that helps to manage and display geographical information. It is used by public institutions and private companies for various purposes such as urban planning, environment management, and disaster risk reduction. The tool provides a user-friendly interface that allows users to interact with geographical data, perform analysis, and generate maps.

Recently, a critical security vulnerability was discovered in i3geo v7.0.5, registered as CVE-2022-32409. The vulnerability is related to a local file inclusion (LFI) vulnerability discovered in the codemirror.php component that can potentially allow attackers to execute arbitrary PHP code via a specially crafted HTTP request. This can potentially lead to sensitive data exposure, unauthorized access to the system, and even a complete takeover of the affected system.

When this vulnerability is exploited, attackers can use it to gain access to confidential information such as user credentials, personal identifiable information, and other sensitive data, leading to subsequent cyber attacks or espionage. In addition, malicious actors can use the vulnerability to plant backdoors in the system, performing malicious activities, or stealing sensitive information from the system.

s4e.io's pro features can immensely help to prevent similar security vulnerabilities in the future. The company offers tools and services for proactively monitoring and addressing security risks that can threaten digital assets. Through the platform's advanced analytics and vulnerability scanning, users can quickly identify potential threats, vulnerabilities, and risks and take prompt actions to mitigate them. Additionally, the platform offers user-friendly dashboards and reports that are easy to comprehend and act upon, ensuring maximum security for digital assets.

 

REFERENCES

Get started to protecting your Free Full Security Scan