CVE-2023-23565

Published: Aug 22, 2023Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.

Affected (1)

Products: Geomatika: Isigeo Web

Geomatika

1 product

Isigeo Web

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Geomatika Isigeo Web	Version 6.0

Related CWEs

CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (6)

https://github.com/Orange-Cyberdefense/CVE-repository

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.geomatika.fr/isigeo-web/

Source: cve@mitre.org

Product

https://github.com/Orange-Cyberdefense/CVE-repository

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.geomatika.fr/isigeo-web/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.