CVE-2022-28997

Опубликовано: 23 мая 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

Ссылки

https://i.imgur.com/BwWTfYU.png
Exploit
Third Party Advisory
https://i.imgur.com/S1F7MaJ.png
Exploit
Third Party Advisory
https://i.imgur.com/pzWjkXI.png
Exploit
Third Party Advisory
https://i.imgur.com/xxjxnGk.png
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/166613/CSZCMS-1.3.0-SSRF-LFI-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://i.imgur.com/BwWTfYU.png
Exploit
Third Party Advisory
https://i.imgur.com/S1F7MaJ.png
Exploit
Third Party Advisory
https://i.imgur.com/pzWjkXI.png
Exploit
Third Party Advisory
https://i.imgur.com/xxjxnGk.png
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/166613/CSZCMS-1.3.0-SSRF-LFI-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cszcms:cszcms:1.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01773

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-px2q-6q9w-p7wc