CVE-2022-32409
Published 2022-07-14
Priority P1 79 · critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 9.47% (94.8th percentile)
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softwarepublico | i3geo | — | — |
Detection & IOCs (extracted from sources)
- URL: /i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd
- Look for GET requests targeting /i3geo/exemplos/codemirror.php with a 'pagina' parameter containing path traversal sequences (e.g., ../) to detect LFI exploitation attempts.
- A successful exploitation response will return HTTP 200 and contain the string matching 'root:[x*]:0:0' (i.e., /etc/passwd content), indicating successful LFI.
- Use Shodan or FOFA to identify exposed i3geo instances as potential targets: Shodan query 'http.html:"i3geo"', FOFA query 'body="i3geo"'.
- The vulnerability is unauthenticated (PR:N, UI:N) and network-reachable (AV:N), meaning no credentials or user interaction are required to exploit it remotely.
- The vulnerable parameter is 'pagina' in codemirror.php; only i3geo version 7.0.5 is confirmed affected per the CPE.
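The two detection notes above (traversal in the 'pagina' parameter of codemirror.php, and a 200 response carrying /etc/passwd content) as a small log-scanning script. This is an added example, not code from the CVE record or from the i3geo project; the function names, the combined-format log regex and the sample log lines are constructed here, and it goes slightly beyond the notes by also decoding single- and double-URL-encoded traversal sequences.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Values taken from the detection notes for CVE-2022-32409.
TARGET_PATH = "/i3geo/exemplos/codemirror.php"
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")          # ../ or ..\ after decoding
PASSWD_RE = re.compile(r"root:[x*]:0:0")          # marker quoted in the notes
# Apache/nginx combined log format (hypothetical parser, constructed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def is_lfi_attempt(target: str) -> bool:
    """True when the request targets codemirror.php with traversal in 'pagina'."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("pagina", []):
        # parse_qs already decodes once; decode twice more to catch %252e%252e%252f.
        decoded = unquote(unquote(value))
        if TRAVERSAL_RE.search(decoded):
            return True
    return False


def scan_access_log(lines):
    """Return one dict per GET request that matches the LFI pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        if is_lfi_attempt(m.group("target")):
            hits.append({"ip": m.group("ip"), "status": int(m.group("status")),
                         "target": m.group("target")})
    return hits


def looks_like_passwd_leak(status: int, body: str) -> bool:
    """Response-side check from the notes: HTTP 200 plus /etc/passwd content."""
    return status == 200 and PASSWD_RE.search(body) is not None


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Nov/2023:10:01:02 +0000] "GET /i3geo/exemplos/codemirror.php?&pagina=../../../../etc/passwd HTTP/1.1" 200 1834',
    '203.0.113.5 - - [15/Nov/2023:10:01:05 +0000] "GET /i3geo/exemplos/codemirror.php?pagina=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1834',
    '198.51.100.7 - - [15/Nov/2023:10:02:00 +0000] "GET /i3geo/exemplos/codemirror.php?pagina=exemplo.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Nov/2023:10:02:01 +0000] "GET /i3geo/index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

A 200 status in the access log alone is not proof of a leak; pair it with the response-body check from a proxy or WAF capture where one is available.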
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-w6pv-wp3g-556q · ghsa_unreviewed · 2022-07-15
CVE-2022-32409 [CRITICAL] CWE-94
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
VulnCheck
softwarepublico i3geo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2022 · CVSS 9.8
CVE-2022-32409 [CRITICAL]
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
Affected: softwarepublico i3geo
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-15&host_type=src&vulnerability=cve-2022-32409; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-02-28&host_type=src&vulnerability=cve-2022-32409; https://dash
No detection rules found.
Nuclei
Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
nuclei · CVSS 9.8
CVE-2022-32409 [CRITICAL]
Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.
Template:

```yaml
id: CVE-2022-32409

info:
  name: Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
  author: pikpikcu
  severity: critical
  description: Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stor
```

References:
- https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion