EUVD-2022-44100

Malicious code in bioql PyPI...

NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability

NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...

CVE-2022-40842

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery SSRF via rotateimg.php...

Server side request forgery (ssrf)

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery SSRF via rotateimg.php...

CVE-2022-40842

CVE-2022-40842 affects ndk design NdkAdvancedCustomizationFields 3.5.0 and is a Server-Side Request Forgery (SSRF) issue exposed via rotateimg.php. The CVSS v3.1 base score is 9.1 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impact is confidentiality and...

PT-2022-25573 · Ndk Design · Ndkadvancedcustomizationfields

Name of the Vulnerable Software and Affected Versions: ndk design NdkAdvancedCustomizationFields version 3.5.0 Description: The issue is related to Server-side request forgery SSRF via the rotateimg.php file. This allows for potential unauthorized access to internal resources. Recommendations: Fo...