exploitDog

GHSA-8gp2-9vcg-vwj6

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

Ссылки

EPSS

Процентиль: 94%

0.13088

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-918

Связанные уязвимости

CVE-2020-35313

CVSS3: 9.8

nvd

почти 5 лет назад

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

EPSS

Процентиль: 94%

0.13088

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-918