CVE-2022-28117

Опубликовано: 28 апр. 2022

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Средний

Описание

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

Ссылки

http://packetstormsecurity.com/files/167063/Navigate-CMS-2.9.4-Server-Side-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_5
Release Notes
Vendor Advisory
https://www.youtube.com/watch?v=4kHW95CMfD0
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/167063/Navigate-CMS-2.9.4-Server-Side-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_5
Release Notes
Vendor Advisory
https://www.youtube.com/watch?v=4kHW95CMfD0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:naviwebs:navigate_cms:2.9.4:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.67131

Средний

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-7fhp-7mjj-8x4m