Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Local File Inclusion in File System Collector

Avatar Rushmi Bhuju
June 06, 2024 10:49
Follow

Advisory ID: LVD-2024-0005

CVSSv 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSSv 3.1 Base Score: 6.5

Severity: Medium

CVE: CVE-2024-33860

CWE: CWE-73

Date Published: 2024-04-30

Description:

Logpoint before v7.4.0 is vulnerable to Local File Inclusion (LFI) attacks when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.

Affected Product:

Logpoint versions before 7.4.0 

Solution:

Upgrade to Logpoint v7.4.0

Acknowledgments: -

 

 

Comments

Article is closed for comments.

Related articles

  • XSS in "Interesting Fields" in Logpoint Web UI
  • Arbitrary file deletion through URL Injection to SAML SSO-URL Response
  • Authentication and CSRF bypass leading to unauthorized access
  • Server Side Request Forgery (SSRF) on Threat Intelligence
  • Universal Normalizer
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.