CVE-2024-41305

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wondercms:wondercms:3.4.3:*:*:*:*:*:*:*

History

21 Nov 2024, 09:32

Type Values Removed Values Added
References () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - Exploit () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - Exploit

08 Aug 2024, 14:36

Type Values Removed Values Added
CPE cpe:2.3:a:wondercms:wondercms:3.4.3:*:*:*:*:*:*:*
CWE CWE-918
References () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - Exploit
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 4.7
First Time Wondercms wondercms
Wondercms

01 Aug 2024, 13:58

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
CWE CWE-352

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Server-Side Request Forgery (SSRF) en la página de complementos de WonderCMS v3.4.3 permite a los atacantes forzar a la aplicación a realizar solicitudes arbitrarias mediante la inyección de URL manipuladas en el parámetro pluginThemeUrl.

30 Jul 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 18:15

Updated : 2024-11-21 09:32


NVD link : CVE-2024-41305

Mitre link : CVE-2024-41305

CVE.ORG link : CVE-2024-41305


JSON object : View

Products Affected

wondercms

  • wondercms
CWE
CWE-918

Server-Side Request Forgery (SSRF)

CWE-352

Cross-Site Request Forgery (CSRF)