13 matches found
CVE-2019-8982
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
VulnCheck KEV: CVE-2019-8982
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
CVE-2019-8982
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
CVE-2019-8982
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
Design/Logic Flaw
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
CVE-2019-8982
WaveMaker Studio 6.6 contains a vulnerability in StudioService.java (studioService.download?method=getContent&inUrl= value) that can cause local file disclosure and server-side request forgery (SSRF). The Nuclei template confirms Local File Inclusion/SSRF in WaveMaker Studio 6.6, affecting the co...
CVE-2019-8982
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
Wavemaker Studio 6.6 - Server-Side Request Forgery Vulnerability
Exploit for java platform in category web applications Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Vendor Homepage: http://www.wavemaker.com/ Software Link:...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...
WaveMaker Studio Requires No Authentication
The version of WaveMaker Studio detected on the remote host does not require authentication. A remote, unauthenticated attacker could exploit this to create, modify, and deploy projects.
WaveMaker Studio Detection
WaveMaker Studio, a WYSIWYG development studio, was detected on the remote host. This application is a component of the WaveMaker development platform. (C) Tenable Network Security, Inc. Script ID 60061; script version 1.3; script CVS date 2019/11/22...
WaveMaker < 6.4.6 Security Bypass
According to its self-reported version number, the version of WaveMaker installed on the remote host has a security bypass vulnerability. Any projects deployed with WaveMaker Studio before 6.4.6 are affected by this vulnerability. A remote attacker could exploit this by requesting project service...