S4E

CVE-2022-37299 Scanner

Detects a 'Path Traversal' vulnerability in Shirne CMS that affects v. 1.2.0.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -

Shirne CMS is an open-source content management system designed for the purpose of creating and managing websites. The CMS is particularly popular amongst small businesses and start-ups who are looking for an efficient and cost-effective method of developing their online presence. The Shirne CMS is built with functionality and ease of use in mind, with a simple and intuitive interface that is designed to make the process of website creation as streamlined as possible.

The CVE-2022-37299 vulnerability is a critical weakness detected in Shirne CMS version 1.2.0. This vulnerability is related to path traversal, an attack vector that allows an attacker to access files outside the web server's root directory. In this particular case, the attacker can exploit the vulnerability by sending a specially crafted request to the /static/ueditor/php/controller.php endpoint, which could lead to arbitrary file read access. This type of vulnerability could lead to a range of malicious activities, with attackers potentially gaining unauthorized access to sensitive files within the website and its backend systems.
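For asset owners who want to check their own web server logs for requests of the kind described above, the following added example (not S4E's scanner code and not part of Shirne CMS) flags requests to the endpoint whose query string contains a `..` path segment, including percent-encoded and double-encoded forms. It assumes a combined-format access log; the sample lines are constructed and `param` is a placeholder parameter name, since the page does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, unquote

# Endpoint named on the page as the target of the crafted request.
ENDPOINT = "/static/ueditor/php/controller.php"
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment bounded by separators or the end of the string.
DOTDOT_RE = re.compile(r'(?:^|[\\/=&])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(log_line):
    """True if the line is a request to ENDPOINT whose query has a '..' segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    target = urlsplit(match.group(1))
    if fully_decode(target.path).lower() != ENDPOINT:
        return False
    return bool(DOTDOT_RE.search(fully_decode(target.query)))


def scan(lines):
    """Return the subset of log lines that should be reviewed."""
    return [line for line in lines if is_suspicious(line)]


# Constructed sample log lines; "param" is a placeholder, not the real parameter.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2023:10:00:00 +0000] "GET /static/ueditor/php/controller.php?param=list HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2023:10:00:05 +0000] "GET /static/ueditor/php/controller.php?param=../../etc/passwd HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2023:10:00:06 +0000] "GET /static/ueditor/php/controller.php?param=%252e%252e%252fconfig HTTP/1.1" 200 90',
    '203.0.113.4 - - [01/Jan/2023:10:00:09 +0000] "GET /index.php?page=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("REVIEW:", hit)
```

Access logs normally record only the request line, so parameters sent in a POST body are not visible to this check; a hit is a prompt for review, not proof that a file was read.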

The exploitation of this vulnerability could have severe consequences for website owners, putting sensitive data at risk and potentially exposing users to harm. Attackers could use the vulnerability to gain access to credit card details, personal information, and other sensitive data that is stored within the website's backend systems. Additionally, the vulnerability means that attackers have the ability to modify or delete files, causing significant damage to both the website and the wider business.

The s4e.io platform is a powerful tool that enables website owners and developers to quickly and easily identify potential vulnerabilities within their digital assets. Thanks to the platform's pro features, users can gain a comprehensive understanding of their website's security posture, helping them to identify and address potential weaknesses before they are exploited by hackers. By using the s4e.io platform, website owners can rest assured that they are taking the necessary steps to protect their online assets and keep their business safe from cyberattacks.

 
