Detects 'Local File Inclusion (LFI)' vulnerability in BIQS IT Biqs-drive affects v. 1.83 and below.
Can be used by
Scan only one
CVE-2021-39433 Scanner Detail
BIQS IT Biqs-drive is a software used for file sharing and storage in businesses and organizations. It allows users to access and store files remotely, enabling hassle-free collaboration and seamless data management. The software offers several features such as file versioning, password protection, and file locking, which ensures secure data sharing and storage.
However, recent security research has discovered a critical vulnerability in the system, designated as CVE-2021-39433. The local file inclusion (LFI) vulnerability in version BIQS IT Biqs-drive v1.83 and below is caused by a specific payload that is sent as the file parameter to download/index.php. This allows attackers to access and read arbitrary files from the server with permissions to the configured web-user account, enabling them to compromise the system and steal confidential information.
Exploitation of the vulnerability can result in a potential data breach and information leak that can cause severe reputational and financial damage to businesses and organizations. Attackers can gain access to sensitive data such as personal identifiable information, client data, and confidential business data, which can be used for identity theft, fraud, and other malicious activities.
Finally, with the pro feature of securityforeveryone.com, users can easily and quickly learn about vulnerabilities in their digital assets by subscribing to the platform. With detailed reports and insights on the latest vulnerabilities, users can take necessary precautions to prevent exploitation and ensure top-notch security for their digital assets.