CVE-2023-7037

Опубликовано: 21 дек. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Authenticated%20Blind%20SSRF
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.248686
Permissions Required
Third Party Advisory
https://vuldb.com/?id.248686
Permissions Required
Third Party Advisory
https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Authenticated%20Blind%20SSRF
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.248686
Permissions Required
Third Party Advisory
https://vuldb.com/?id.248686
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:automad:automad:*:*:*:*:*:*:*:*

Версия до 1.10.9 (включая)

EPSS

Процентиль: 37%

0.00159

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-q5q3-qm26-9jwm

CVSS3: 3.7

github

около 2 лет назад

Authenticated Blind SSRF in automad/automad

EPSS

Процентиль: 37%

0.00159

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-918