CVE-2022-45269
### Description
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.
### Additional Information
The affected product is installed on a Windows server with IIS 10.0, so only arbitrary Windows files can be read.
### Vulnerability Type
Directory Traversal
### Vendor of Product
Linx Sphere
### Affected Product Code Base
LINX 7.35.ST15 - Versions affected: < LINX 7.35.ST15
### Affected Component
Web service SCS.Web.Server.SPI/1.0 on port 3000
### Attack Type
Remote
### Impact Information Disclosure
True
### Attack Vectors
To exploit the vulnerability, a remote attacker only needs to send the following payload /…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/ followed by the file they want to access. Example: http://192.168.1.10:3000/…/…/…/…/…/…/…/…/…/…/…/…/windows/iis.log
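
One way to look for this request pattern in the service's access logs, as an added example that is not part of the original advisory or the vendor's code: it percent-decodes each request path and flags any path segment made only of dots, or of the ellipsis character as printed above. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample log (assumed format: client method uri status).
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.9 GET /%E2%80%A6/%E2%80%A6/windows/iis.log 200
10.0.0.9 GET /%2e%2e/%2e%2e/windows/iis.log 404
10.0.0.7 GET /docs/v1.2/readme.txt 200
10.0.0.8 GET /..%5c..%5cwindows%5ciis.log 200
10.0.0.6 GET /files/report...final.pdf 200
"""

# A whole segment of two or more dots, or of U+2026 (ellipsis) characters.
DOT_SEGMENT = re.compile(r"^(\.{2,}|\u2026+)$")

def decode_fully(uri, max_rounds=3):
    """Percent-decode repeatedly so nested encoding does not hide a segment."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def is_traversal(uri):
    """True if the decoded path has a dot-only segment (either slash style)."""
    path = decode_fully(urlsplit(uri).path).replace("\\", "/")
    return any(DOT_SEGMENT.match(seg) for seg in path.split("/"))

def suspicious_requests(log_text):
    """Return (client, uri, status) for every request with a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        client, _method, uri, status = parts
        if is_traversal(uri):
            hits.append((client, uri, int(status)))
    return hits

def likely_disclosures(hits):
    """Hits answered with 200 come first in triage: a file may have been served."""
    return [h for h in hits if h[2] == 200]

if __name__ == "__main__":
    for client, uri, status in suspicious_requests(SAMPLE_LOG):
        print(status, client, uri)
```

Dots inside an ordinary file name (report...final.pdf) are not flagged, because only whole path segments are tested.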