CVE-2024-41305

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wondercms:wondercms:3.4.3:*:*:*:*:*:*:*

History

21 Nov 2024, 09:32

Type Values Removed Values Added
References () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - Exploit () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - Exploit

08 Aug 2024, 14:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 4.7
CPE cpe:2.3:a:wondercms:wondercms:3.4.3:*:*:*:*:*:*:*
CWE CWE-918
First Time Wondercms
Wondercms wondercms
References () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - () https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery - Exploit

01 Aug 2024, 13:58

Type Values Removed Values Added
CWE CWE-352
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Server-Side Request Forgery (SSRF) en la página de complementos de WonderCMS v3.4.3 permite a los atacantes forzar a la aplicación a realizar solicitudes arbitrarias mediante la inyección de URL manipuladas en el parámetro pluginThemeUrl.

30 Jul 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 18:15

Updated : 2024-11-21 09:32


NVD link : CVE-2024-41305

Mitre link : CVE-2024-41305

CVE.ORG link : CVE-2024-41305


JSON object : View

Products Affected

wondercms

  • wondercms
CWE
CWE-918

Server-Side Request Forgery (SSRF)

CWE-352

Cross-Site Request Forgery (CSRF)