CVE-2022-23167

Summary

Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.

Affected Software

VendorProductVersion RangeStatus
AmodatAmodat7.12.00.08 <= 7.12.00.09affected

Weaknesses

  • Local File Inclusion

ADP Enrichment

CVE Program Container

Additional References

References