Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or to 22.1.64 on premise version.
References
Link | Resource |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCD
Published: 2022-05-09T00:00:00
Updated: 2022-05-12T19:49:52
Reserved: 2022-01-11T00:00:00
Link: CVE-2022-23166
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-12T20:15:15.320
Modified: 2022-05-23T20:31:48.800
Link: CVE-2022-23166
JSON object: View
Redhat Information
No data.
CWE