CVE-2022-23377

HIGH

Archeevo <5.0 - Local File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-23377. PoCs published by Miguel Santareno.

AI-analyzed exploit summary This is a writeup describing a Local File Inclusion (LFI) vulnerability in Archeevo 5.0. The PoC demonstrates how an unauthenticated attacker can access sensitive files like web.config by manipulating the file parameter in the error page URL.

Description

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.

Exploits (1)

exploitdb WRITEUP

by Miguel Santareno · textremotewindows

https://www.exploit-db.com/exploits/50665

View Code ZIP pw:eip

This is a writeup describing a Local File Inclusion (LFI) vulnerability in Archeevo 5.0. The PoC demonstrates how an unauthenticated attacker can access sensitive files like web.config by manipulating the file parameter in the error page URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Archeevo < 5.0

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50665

Scores

CVSS v3 7.5

EPSS 0.0214

EPSS Percentile 79.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-552

Status published

Products (1)

keep/archeevo < 5.0

Published Mar 01, 2022

Tracked Since Feb 18, 2026