CVE-2021-47795

MEDIUM 6.2

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

CVSS Score

6.2

EPSS Score

0.0%

EPSS Percentile

0th

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.

CWE	CWE-22
Vendor	geovision
Product	geovision geowebserver
Published	Jan 15, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for geovision geovision geowebserver

Be the first to know when new medium vulnerabilities affecting geovision geovision geowebserver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Geovision / GeoVision Geowebserver

<= 5.3.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50211 geovision.com.tw: https://www.geovision.com.tw/cyber_security.php vulncheck.com: https://www.vulncheck.com/advisories/geovision-geowebserver-local-file-inclusion

Credits

Ken 's1ngular1ty' Pyle