Server Side Request Forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back-end server of a vulnerable web application. It can help identify open ports, local network hosts and execute command on services (for example redis, by using gopher:// scheme)
Hi, dev team!
There is SSRF Vulnerability in
wcms/wcms/wex/html.phpfile.The vulnerable code is:
wcms/wex/core/classes/Pagename.php:16:
$_SESSION['pagename'] = $_POST['pagename'];wcms/wex/core/classes/Pagename.php:20:
$GLOBALS['pagename'] = $_SESSION['pagename'];wcms/wex/html.php:17:
$html_from_template = htmlspecialchars(file_get_contents($GLOBALS['pagename']));Example POC:
Server Side Request Forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back-end server of a vulnerable web application. It can help identify open ports, local network hosts and execute command on services (for example redis, by using
gopher://scheme)To prevent vulnerability use next manual: https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
Please let me know about any fixes, I would like to register CVE number.
The text was updated successfully, but these errors were encountered: