Описание
A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Ссылки
- Broken Link
- Broken Link
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zkea:zkeacms:4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 6.3
github
5 месяцев назад
A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is now public and may be used.
EPSS
Процентиль: 20%
0.00064
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918