Exploitation Summary
EIP tracks 2 public exploits for CVE-2023-22232. PoCs published by h4shur. A Nuclei detection template is also available.
AI-analyzed exploit summary: The provided content is a detailed writeup describing an Improper Access Control vulnerability (CVE-2023-22232) in Adobe Connect versions 11.4.5 and earlier, and 12.1.5 and earlier. It explains how an attacker can exploit the vulnerability to perform Local File Disclosure (LFD) by manipulating URL parameters to download arbitrary files from the server.
Description
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.
Exploits (2)
The provided content is a detailed writeup describing an Improper Access Control vulnerability (CVE-2023-22232) in Adobe Connect versions 11.4.5 and earlier, and 12.1.5 and earlier. It explains how an attacker can exploit the vulnerability to perform Local File Disclosure (LFD) by manipulating URL parameters to download arbitrary files from the server.
This exploit describes an information disclosure vulnerability in Adobe Connect 10 and earlier versions, where accessing specific endpoints reveals usernames or admin panel access without authentication.
Nuclei Templates (1)
title:"Adobe Connect" || http.title:"openvpn connect"
title="openvpn connect"
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N