Описание
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wondercms:wondercms:3.4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00086
Низкий
4.7 Medium
CVSS3
7.1 High
CVSS3
Дефекты
CWE-918
CWE-352
Связанные уязвимости
CVSS3: 7.1
github
больше 1 года назад
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
EPSS
Процентиль: 25%
0.00086
Низкий
4.7 Medium
CVSS3
7.1 High
CVSS3
Дефекты
CWE-918
CWE-352