Security for everyone

CVE-2021-40651 Scanner

Detects 'Local File Inclusion (LFI)' vulnerability in OS4Ed OpenSIS Community affects v. 8.0.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-40651 Scanner Detail

Vulnerability Overview

The issue exists due to improper handling of the modname parameter in Modules.php. By manipulating the parameter with directory traversal sequences, an attacker can include and execute arbitrary files from the server's filesystem.

Vulnerability Details

Exploiting the vulnerability involves crafting a malicious request to Modules.php with a modified modname parameter that includes directory traversal characters (../). This can lead to unauthorized access to sensitive files like /etc/passwd, providing attackers with valuable system information and potentially facilitating further attacks.

Possible Effects

Exploitation of this LFI vulnerability could result in:

  • Disclosure of sensitive files and data stored on the server.
  • Gaining insights into system configuration and installed software for further targeted attacks.

Why Choose SecurityForEveryone

At SecurityForEveryone, we are committed to providing top-notch vulnerability scanning solutions tailored to detect and mitigate threats like CVE-2021-40651 efficiently. By joining our platform, you gain access to:

  • Comprehensive vulnerability scanning tools.
  • Expert guidance for remediation strategies.
  • Continuous updates on emerging security threats. Our platform empowers you to strengthen your cybersecurity posture effectively and proactively defend against evolving cyber threats.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture