exploitDog

CVE-2024-27561

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 8.1

CVSS3: 9.1

EPSS Низкий

Описание

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.

Ссылки

https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md
Exploit
Third Party Advisory
https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wondercms:wondercms:3.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00193

Низкий

8.1 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-p53h-fpw3-ffwh

CVSS3: 9.1

github

почти 2 года назад

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.

EPSS

Процентиль: 41%

0.00193

Низкий

8.1 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-918

CWE-918