CVE-2020-24140
CVE-2020-24140 describes an SSRF in WCMS version 0.3.2. An attacker can craft requests via the pagename parameter to wex/html.php from the vulnerable web application’s back-end server, enabling discovery of open ports and local network hosts and the execution of commands on local services. The co...