exploitDog

CVE-2024-27563

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

EPSS Низкий

Описание

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

Ссылки

https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md
Exploit
Third Party Advisory
https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wondercms:wondercms:3.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-vqjx-886g-c3rv

CVSS3: 6.5

github

почти 2 года назад

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

EPSS

Процентиль: 35%

0.00145

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-918

CWE-918