2 matches found
CVE-2024-27563
CVE-2024-27563 is an SSRF in WonderCMS v3.1.3, traced to the getFileFromRepo function. The flaw lets an attacker coerce the application to make arbitrary outbound requests by injecting crafted URLs into the pluginThemeUrl parameter. Affected software: WonderCMS 3.1.3 (PHP-based CMS). Root cause: ...
CVE-2024-27563
A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...