Описание
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2017-05-12 (включая)
cpe:2.3:a:finecms_project:finecms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00209
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
EPSS
Процентиль: 43%
0.00209
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-918