Back to KEVs

CVE-2021-47795

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

Basic Information

CVE State
PUBLISHED
Reserved Date
January 14, 2026
Published Date
January 15, 2026
Last Updated
April 07, 2026
Vendor
Geovision
Product
GeoVision Geowebserver
Description
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.

CVSS Scores

CVSS v4.0

8.7 - HIGH

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS v3.1

6.2 - MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
poc
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2026-03-24 00:00:00 UTC) Source

References

https://www.exploit-db.com/exploits/50211 https://www.geovision.com.tw/cyber_security.php https://www.vulncheck.com/advisories/geovision-geowebserver-local-file-inclusion

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2026-03-24 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel