CVE-2022-32409
Published: 2022-07-14


Priority: P1 (79) · Severity: critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 9.47% (94.8th percentile)
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.

Affected

1 range

Vendor: softwarepublico
Product: i3geo
Version range: (not listed on this page)
Fixed in: (not listed on this page)

Detection & IOCs (extracted from sources)

Path: /i3geo/exemplos/codemirror.php
URL: /i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd
  • Look for requests to /i3geo/exemplos/codemirror.php whose 'pagina' parameter contains path-traversal sequences (../, including URL-encoded forms such as %2e%2e%2f and double-encoded %252e%252e%252f) to detect LFI exploitation attempts.
  • A successful exploitation response returns HTTP 200 with a body matching the regex root:[x*]:0:0 (i.e., /etc/passwd content). Reading /etc/passwd only proves the file read; the code-execution impact in the description requires the included path to hold PHP the attacker controls.
  • Use Shodan or FOFA to find exposed i3geo instances: Shodan query http.html:"i3geo", FOFA query body="i3geo".
  • The vulnerability is unauthenticated (PR:N, UI:N) and network-reachable (AV:N): no credentials or user interaction are required to exploit it remotely.
  • The vulnerable parameter is 'pagina' in codemirror.php; only i3geo version 7.0.5 is confirmed affected per the CPE.
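The two checks above (request-side: a traversing 'pagina' aimed at codemirror.php; response-side: HTTP 200 plus /etc/passwd content) implemented as a small log scanner. This is an added example, not code from this page or from the i3geo project. The combined-format access-log layout, the sample lines (RFC 5737 documentation addresses) and the deployment prefix in the test are constructed assumptions; the path, parameter name and the root:[x*]:0:0 regex come from the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the vulnerable script (from the advisory). Matched as a suffix,
# case-insensitively, so installs under a URL prefix still hit.
TARGET_PATH = "/i3geo/exemplos/codemirror.php"

# ".." as a complete path segment with either separator: "../", "/..", "..\".
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Regex the advisory gives for a successful read of /etc/passwd.
PASSWD_RE = re.compile(r"root:[x*]:0:0")

# Combined-format access-log line (assumed format; only the fields used are captured).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Peel repeated URL-encoding so %252e%252e%252f is still seen as ../."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_lfi_attempt(target: str) -> bool:
    """True if the request target is codemirror.php with a traversing 'pagina'."""
    parts = urlsplit(target)
    path = decode_fully(parts.path).lower()
    if not path.endswith(TARGET_PATH):
        return False
    # parse_qs decodes one layer itself; the leading '&' in the PoC URL yields an
    # empty pair that parse_qs ignores. The HTTP method is deliberately not
    # checked: PHP fills $_GET from the query string whatever the method.
    query = parse_qs(parts.query, keep_blank_values=True)
    return any(TRAVERSAL_RE.search(decode_fully(v)) for v in query.get("pagina", []))


def exploitation_succeeded(status: int, body: str) -> bool:
    """Response-side check: HTTP 200 and /etc/passwd content in the body."""
    return status == 200 and PASSWD_RE.search(body) is not None


def scan_log(text: str) -> list:
    """Return one record per request that looks like an LFI attempt.

    An attempt is flagged whatever the status code; a 404 still tells you
    someone is probing for this CVE.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_lfi_attempt(m["target"]):
            hits.append({"ip": m["ip"], "status": int(m["status"]),
                         "target": m["target"]})
    return hits


# Constructed sample log lines (not real traffic): the PoC URL as published,
# a single-encoded variant, a benign use of 'pagina', an unrelated request,
# and a double-encoded probe that got a 404.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jul/2022:10:01:02 +0000] "GET /i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 1823 "-" "curl/7.81.0"
203.0.113.7 - - [14/Jul/2022:10:01:03 +0000] "GET /i3geo/exemplos/codemirror.php?pagina=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1823 "-" "curl/7.81.0"
198.51.100.12 - - [14/Jul/2022:10:02:10 +0000] "GET /i3geo/exemplos/codemirror.php?pagina=exemplo1.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.12 - - [14/Jul/2022:10:02:11 +0000] "GET /i3geo/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [14/Jul/2022:10:03:00 +0000] "GET /i3geo/exemplos/codemirror.php?pagina=%252e%252e%252fetc/passwd HTTP/1.1" 404 210 "-" "python-requests/2.28"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} status={hit['status']} {hit['target']}")
```

Access logs carry no response body, so exploitation_succeeded() is meant for a WAF, reverse proxy or packet capture that retains bodies; the log scanner alone only tells you who tried, which is the more useful signal for triage given the double-decoding the server may apply before the include.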

CVSS provenance

NVD (v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL