exploitDog

CVE-2020-23776

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.

Ссылки

https://github.com/zhonghaozhao/winmail/issues/3
Exploit
Issue Tracking
Third Party Advisory
https://github.com/zhonghaozhao/winmail/issues/3
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:winmail_project:winmail:6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00278

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-r62f-j7fr-mvvx

github

больше 3 лет назад

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.

EPSS

Процентиль: 51%

0.00278

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918