Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.9 views

CVE-2024-27561

A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

9.1CVSS7.2AI score0.00585EPSS
Exploits1References1
Prion
Prion
added 2024/03/05 5:15 p.m.19 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

7.6AI score0.00417EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/03/05 12:0 a.m.12 views

CVE-2024-27561

A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

7.2AI score0.00585EPSS
Exploits1References1
CVE
CVE
added 2024/03/05 12:0 a.m.62 views

CVE-2024-27561

WonderCMS (version 3.1.3) is affected by a Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function. The vulnerability allows an attacker to coerce the application into making arbitrary outbound requests by injecting crafted URLs into the installThemePlugin parameter. Pub...

9.1CVSS7.2AI score0.00585EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/03/05 12:0 a.m.23 views

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

7.2AI score0.00417EPSS
Exploits1References1
Rows per page
Query Builder