CVE-2022-23166

Sysaid  Sysaid Local File Inclusion (LFI)  An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or to 22.1.64 on premise version.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
INCDCNA
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
sysaidsysaid
𝑥
< 22.1.64
sysaidsysaid
𝑥
< 22.2.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.gov.il/en/departments/faq/cve_advisories
https://www.gov.il/en/departments/faq/cve_advisories