CVE-2022-23167 Information

Description

Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.

Reference

https://www.gov.il/en/departments/faq/cve_advisories