CVE-2021-46107

Опубликовано: 17 мар. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.

Ссылки

https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
Third Party Advisory
https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py
Exploit
Third Party Advisory
https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
Third Party Advisory
https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ligeo-archives:ligeo_basics:02_01-2022:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.62758

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-wj9r-vmgq-6f4j