Security for everyone

CVE-2023-52085 Scanner

Detects 'Local File Inclusion (LFI)' vulnerability in Winter CMS affects v. before 1.2.4.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2023-52085 Scanner Detail

Vulnerability Overview

Winter CMS before version 1.2.4 suffers from a Local File Inclusion vulnerability due to unvalidated input in ColorPicker FormWidget, allowing attackers with backend access to include local files, potentially leading to sensitive information disclosure.

Vulnerability Details

Attackers exploit this vulnerability by manipulating the ColorPicker FormWidget's input, leading to the inclusion of arbitrary files present on the server. This flaw specifically impacts the custom stylesheets compilation process via LESS, opening a path for LFI attacks.

Possible Effects

  • Information Disclosure: Access to sensitive files like /etc/passwd.
  • Unauthorized Access: Potential pathway to more severe exploitation vectors.

Why Choose SecurityForEveryone

At SecurityForEveryone, we offer cutting-edge scanning solutions designed to identify and address vulnerabilities like CVE-2023-52085 efficiently. By choosing us, you benefit from:

  • Comprehensive vulnerability assessments tailored to your needs.
  • Detailed reports and actionable remediation guidance.
  • Continuous support from our team of cybersecurity experts. Enhance your cyber resilience with SecurityForEveryone, ensuring your digital assets remain secure against evolving threats.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture