← back
CVE-2021-47795

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

CVSS 8.7 HIGHEPSS 0.9%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Geovision · GeoVision Geowebserver

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/50211https://www.geovision.com.tw/cyber_security.phphttps://www.vulncheck.com/advisories/geovision-geowebserver-local-file-inclusion