CNVD (China National Vulnerability Database): CNVD-2022-85536
History: Nov 24, 2022 - 12:00 a.m.

NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability

2022-11-24 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
ndkadvancedcustomizationfields
ssrf vulnerability
rotateimg.php
user input validation
server-side request forgery
attack

EPSS: 0.002

Percentile: 58.4%

NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery (SSRF) vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions. It stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerability to launch a server-side request forgery attack.
