CVE-2021-39433
Description
A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when a specific payload is sent as the file parameter to download/index.php. This allows an attacker to read arbitrary files from the server with the permissions of the configured web user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local file inclusion in BIQS IT Biqs-drive <=1.83 via download/index.php file parameter allows arbitrary file read.
Vulnerability
A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive version 1.83 and below. The issue is in download/index.php, where the file parameter is not properly sanitized, allowing directory traversal sequences [1].
Exploitation
An attacker can exploit this by sending a crafted GET request to download/index.php with a file parameter containing path traversal payloads such as ../../../../../../../../../etc/passwd. No authentication or special privileges are required; the attacker only needs network access to the vulnerable endpoint [1].
Impact
Successful exploitation allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. This can lead to disclosure of sensitive information, including system configuration files, application source code, or database credentials [1].
Mitigation
As of the available references, no patch or updated version has been released to fix this vulnerability. The vendor's website (https://biqs-drive.be/) does not mention a fix [2]. Users are advised to restrict access to the vulnerable endpoint or consider upgrading if a future patch becomes available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
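Since no fixed version is referenced, reviewing web server logs for traversal attempts against this endpoint is a practical interim check. The script below is an added example, not code from the vendor or from the cited references; it assumes combined-format access logs, its function names are hypothetical, and the sample log lines are constructed. It goes slightly beyond the payload quoted above by also catching percent-encoded and backslash variants of the same traversal.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: combined log format, i.e. ip ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
ENDPOINT = "download/index.php"  # endpoint named in the CVE description
PARAM = "file"                   # parameter named in the CVE description

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /download/index.php?file=../../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /download/index.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1432',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /download/index.php?file=notes..v2.txt HTTP/1.1" 200 88',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?page=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (%252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value is absolute, has a NUL, or a '..' segment."""
    path = fully_decode(value).replace("\\", "/")
    if "\x00" in path or path.startswith("/"):
        return True
    return ".." in path.split("/")

def suspicious_requests(lines):
    """Return (client_ip, status, decoded_value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(ENDPOINT):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((m["ip"], m["status"], fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 deserves priority review, because the server may have served the requested file.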
Affected products
- BIQS IT/Biqs-drive
  - Range: <=1.83
Patches
No patches discovered yet.
References
- biqs-drive.be (mitre, x_refsource_MISC)
- github.com/PinkDraconian/CVE-2021-39433/blob/main/README.md (mitre, x_refsource_MISC)