CVE-2022-41547
published 2022-10-18CVE-2022-41547: Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.20%
64.3th percentile
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensecurity | mobile_security_framework | <= 0.9.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
MobSF allows attackers to read arbitrary files via a crafted HTTP request
ghsa·2022-10-18
CVE-2022-41547 [HIGH] MobSF allows attackers to read arbitrary files via a crafted HTTP request
MobSF allows attackers to read arbitrary files via a crafted HTTP request
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the `StaticAnalyzer/views.py` script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.
OSV
MobSF allows attackers to read arbitrary files via a crafted HTTP request
osv·2022-10-18
CVE-2022-41547 [HIGH] MobSF allows attackers to read arbitrary files via a crafted HTTP request
MobSF allows attackers to read arbitrary files via a crafted HTTP request
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the `StaticAnalyzer/views.py` script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/b9cdd1f52bdf127cf33bb1be369e374a2855f8e6#diff-69d2e38f6bba208c333da6a09a83ca65056fcb60f4e10d23f67c01bcc1ffb58chttps://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/166https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/b9cdd1f52bdf127cf33bb1be369e374a2855f8e6#diff-69d2e38f6bba208c333da6a09a83ca65056fcb60f4e10d23f67c01bcc1ffb58chttps://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/166
2022-10-18
Published