Description
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.
References
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:tp-shop:tpshop:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:tp-shop:tpshop:2.0.6:*:*:*:*:*:*:*
EPSS: 0.01724 (Low), percentile: 82%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.