CVE-2023-52085 Scanner
Detects a Local File Inclusion (LFI) vulnerability in Winter CMS affecting versions before 1.2.4.
Short Info
- Level: Medium
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 1 month 2 days
- Scan only one: Domain, IPv4, Subdomain
- Toolbox: -
Vulnerability Overview
Winter CMS before version 1.2.4 suffers from a Local File Inclusion vulnerability due to unvalidated input in ColorPicker FormWidget, allowing attackers with backend access to include local files, potentially leading to sensitive information disclosure.
Vulnerability Details
Attackers exploit this vulnerability by manipulating the ColorPicker FormWidget's input, leading to the inclusion of arbitrary files present on the server. This flaw specifically impacts the custom stylesheets compilation process via LESS, opening a path for LFI attacks.
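One way to enforce the validation that is missing in the flow described above, as an added example (not Winter CMS's patch or code): the hypothetical PHP 8 helpers `safeColorValue` and `buildLessColorVars` allow-list plain colour literals before any value reaches LESS compilation. The accepted colour formats and the sample input are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: return the normalised colour if $value is a plain
 * CSS colour literal, otherwise null. Accepted forms (an assumption about
 * what a colour picker emits): #rgb, #rgba, #rrggbb, #rrggbbaa,
 * rgb()/rgba() and hsl()/hsla().
 */
function safeColorValue(mixed $value): ?string
{
    if (!is_string($value) || strlen($value) > 40) {
        return null;
    }
    $v   = strtolower(trim($value));
    $num = '(?:\d{1,3}(?:\.\d{1,4})?%?)';
    // \A and \z anchor the whole string; nothing may precede or follow the colour.
    $patterns = [
        '/\A#(?:[0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})\z/',
        '/\A(?:rgb|hsl)a?\(\s*' . $num . '(?:\s*,\s*' . $num . '){2,3}\s*\)\z/',
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $v) === 1) {
            return $v;
        }
    }
    return null;
}

/** Hypothetical helper: build LESS variables, refusing anything that is not a colour. */
function buildLessColorVars(array $formData): array
{
    $vars = [];
    foreach ($formData as $name => $value) {
        if (!is_string($name) || preg_match('/\A[a-z][a-z0-9_-]{0,63}\z/i', $name) !== 1) {
            throw new InvalidArgumentException('Invalid LESS variable name');
        }
        $color = safeColorValue($value);
        if ($color === null) {
            throw new InvalidArgumentException("Rejected non-colour value for '{$name}'");
        }
        $vars[$name] = $color;
    }
    return $vars;
}

// Constructed sample input: three colour literals and two non-colour strings.
foreach (['#3498db', 'rgba(52, 152, 219, 0.8)', 'HSL(204, 70%, 53%)', '"/etc/passwd"', '#fff; x'] as $s) {
    printf("%-28s => %s\n", json_encode($s), safeColorValue($s) ?? 'REJECTED');
}
```

Rejecting the whole submission on the first bad value, rather than stripping characters, keeps a malformed value from ever being interpolated into the stylesheet source.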
Possible Effects
- Information Disclosure: Access to sensitive files like /etc/passwd.
- Unauthorized Access: Potential pathway to more severe exploitation vectors.
Why Choose S4E
At S4E, we offer cutting-edge scanning solutions designed to identify and address vulnerabilities like CVE-2023-52085 efficiently. By choosing us, you benefit from:
- Comprehensive vulnerability assessments tailored to your needs.
- Detailed reports and actionable remediation guidance.
- Continuous support from our team of cybersecurity experts.
Enhance your cyber resilience with S4E, ensuring your digital assets remain secure against evolving threats.