Description
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.
References
- Exploit, Mailing List, Third Party Advisory
- Exploit, Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:onethink:onethink:1.0:*:*:*:*:*:*:*
cpe:2.3:a:onethink:onethink:1.1:*:*:*:*:*:*:*
EPSS: 0.0695 (Low), percentile: 91%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.