Server-Side Request Forgery Vulnerability in WonderCMS by WonderCMS
CVE-2024-41305

4.7MEDIUM

Key Information:

Vendor: Wondercms
Status: Wondercms
Vendor: CVE Published:; 30 July 2024

What is CVE-2024-41305?

In WonderCMS version 3.4.3, a Server-Side Request Forgery (SSRF) vulnerability has been identified that enables attackers to manipulate the application into making unauthorized requests. This is accomplished through the injection of specially crafted URLs into the pluginThemeUrl parameter on the Plugins Page, potentially revealing sensitive internal resources and leading to broader security risks.

References

https://github.com/patrickdeanramos/WonderCMS-version-3.4...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2024

Wondercms

What is CVE-2024-41305?

References

CVSS V3.1

Timeline