CVE-2022-23166
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Summary
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or to 22.1.64 on premise version.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SysAid | Sysaid | 22.2.19 cloud version <= 22.2.19 | affected |
| SysAid | Sysaid | 22.1.63 on premise version <= 22.1.63 | affected |
Weaknesses
- Local File Inclusion
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.