Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery

WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery. id: CVE-2019-8982 info: name: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request...

CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent= value, leading to disclosure of local files and SSRF...

VulnCheck KEV: CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...

com.epam.reportportal:service-authorization (>=5.11.0 <=5.11.1), com.erudika:para-jar (=1.49.0) +51 more potentially affected by CVE-2023-34042 via org.springframework.security:spring-security-config (>=5.8.4 <=5.8.6)

org.springframework.security:spring-security-config MAVEN version =5.8.4, =5.11.0, =1.73.40, =1.73.40, =1.73.40, =1.73.40, =2.35.0, =2.14.0, =2.14.0, =11.3.6, =11.3.6, =11.3.6, =11.3.6, =11.4.2 and more Source cves: CVE-2023-34042 Source advisory: OSV:GHSA-9GP8-6CG8-7H34...

CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...

Design/Logic Flaw

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...

CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...

CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...

CVE-2019-8982

WaveMaker Studio 6.6 contains a vulnerability in StudioService.java (studioService.download?method=getContent&inUrl= value) that can cause local file disclosure and server-side request forgery (SSRF). The Nuclei template confirms Local File Inclusion/SSRF in WaveMaker Studio 6.6, affecting the co...

Wavemaker Studio 6.6 - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Vendor Homepage: http://www.wavemaker.com/ Software Link:...

Wavemaker Studio 6.6 - Server-Side Request Forgery

Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...

Wavemaker Studio 6.6 - Server-Side Request Forgery

Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...

WaveMaker Studio Detection

WaveMaker Studio, a WYSIWYG development studio, was detected on the remote host. This application is a component of the WaveMaker development platform. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid60061; scriptversion"1.3"; scriptcvsdate"Date: 2019/11/22";...

WaveMaker Studio Requires No Authentication

The version of WaveMaker Studio detected on the remote host does not require authentication. A remote, unauthenticated attacker could exploit this to create, modify, and deploy projects. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

WaveMaker < 6.4.6 Security Bypass

According to its self-reported version number, the version of WaveMaker installed on the remote host has a security bypass vulnerability. Any projects deployed with WaveMaker Studio before 6.4.6 are affected by this vulnerability. A remote attacker could exploit this by requesting project service...