Back

CVE-2024-41305

July 30, 2024, 6:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

WonderCMS

  • 3.4.3

Source

cve@mitre.org

Tags

cve@mitre.org
2024-07-30
CVE-2024-41305

CVE-2024-41305 details

Published : July 30, 2024, 6:15 p.m.
Last Modified : July 30, 2024, 6:15 p.m.

Description

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.