GeoVision Geowebserver 5.3.3 - Local FIle Inclusion | Advisories

Advisories

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

severity: high
date: January 15, 2026
Affecting: GeoVision Geowebserver <= 5.3.3
CVE: CVE-2021-47795
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-50211
GeoVision Cyber Security Page
Credit: Ken 's1ngular1ty' Pyle
Description: GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.