A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. The manipulation of the argument inpRedirectURL leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Configurations
No configuration.
History
11 Mar 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 4.3 |
CWE | CWE-918 | |
Summary | (en) A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. The manipulation of the argument inpRedirectURL leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
11 Mar 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-11 13:15
Updated : 2025-03-11 14:15
NVD link : CVE-2025-2192
Mitre link : CVE-2025-2192
CVE.ORG link : CVE-2025-2192
JSON object : View
Products Affected
No product.
CWE
CWE-918
Server-Side Request Forgery (SSRF)