Vendor: Boss Mini
By: nltt0
CVSS: 8.1 (CRITICAL)
Local File Inclusion
CWE: 22
Product Name: Boss Mini
Affected Version From: 1.4.2000
Affected Version To: 1.4.2000
Patch Exists: NO
Related CWE: CVE-2023-3643
CPE:
Platforms Tested:
2023
Boss Mini 1.4.0 – Local File Inclusion
The exploit allows an attacker to include local files from the server by manipulating the application domain and supplying a local file path. The vulnerability has been assigned CVE-2023-3643.
Mitigation:
To mitigate this vulnerability, sanitize user input, avoid placing user-controlled data directly in file paths, and restrict file access permissions.