CVE-2021-40651 Scanner
Detects the Local File Inclusion (LFI) vulnerability affecting OS4Ed OpenSIS Community v. 8.0.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, Ipv4
Toolbox: -
Vulnerability Overview
The issue exists due to improper handling of the modname parameter in Modules.php. By manipulating the parameter with directory traversal sequences, an attacker can include and execute arbitrary files from the server's filesystem.
Vulnerability Details
Exploiting the vulnerability involves crafting a malicious request to Modules.php with a modified modname parameter that includes directory traversal characters (../). This can lead to unauthorized access to sensitive files like /etc/passwd, providing attackers with valuable system information and potentially facilitating further attacks.
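A log check a defender could run for the request pattern described above. This is an added example, not part of the original page or of the scanner it describes; the log lines, IP addresses and function names are constructed for illustration. It assumes combined-format access logs and also decodes percent-encoded traversal, which goes slightly beyond the plain ../ case in the text.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /Modules.php?modname=students/Student.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /Modules.php?modname=../../../../etc/passwd HTTP/1.1" 200 1833',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /opensis/Modules.php?modname=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1833',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /Modules.php?modname=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 210',
    '198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=../x HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A ".." path segment delimited by / or \ (or by the string boundaries).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252f) up to max_rounds times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_modname(value):
    """True if modname holds a '..' path segment or a NUL byte after decoding."""
    decoded = fully_decode(value)
    return bool(TRAVERSAL_RE.search(decoded)) or "\x00" in decoded

def find_lfi_attempts(lines):
    """Return (client_ip, status, decoded modname) for flagged Modules.php requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.lower().endswith("/modules.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("modname", []):
            if is_suspicious_modname(value):
                hits.append((ip, status, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for ip, status, modname in find_lfi_attempts(SAMPLE_LOG):
        print(f"{ip} status={status} modname={modname}")
```

A flagged request that returned status 200 deserves a closer look than one that returned 404, since the response size and body may show whether a file was actually served.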
Possible Effects
Exploitation of this LFI vulnerability could result in:
- Disclosure of sensitive files and data stored on the server.
- Gaining insights into system configuration and installed software for further targeted attacks.
Why Choose SecurityForEveryone
At SecurityForEveryone, we are committed to providing top-notch vulnerability scanning solutions tailored to detect and mitigate threats like CVE-2021-40651 efficiently. By joining our platform, you gain access to:
- Comprehensive vulnerability scanning tools.
- Expert guidance for remediation strategies.
- Continuous updates on emerging security threats.
Our platform empowers you to strengthen your cybersecurity posture effectively and proactively defend against evolving cyber threats.