Server side request forgery (ssrf)

2006-02-2811:02:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.

CPENameOperatorVersion
website_generatoreq3.3

CPE	Name	Operator	Version
	website_generator	eq	3.3

References

nsag.ru/vuln/894.html

secunia.com/advisories/19014

www.securityfocus.com/archive/1/426077/100/0/threaded

www.securityfocus.com/bid/16823