CVE-2022-28997

Sažetak

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

Reference

https://i.imgur.com/pzWjkXI.png
https://i.imgur.com/BwWTfYU.png
https://i.imgur.com/xxjxnGk.png
https://i.imgur.com/S1F7MaJ.png
https://packetstormsecurity.com/files/166613/CSZCMS-1.3.0-SSRF-LFI-Remote-Code-Execution.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-06-2022 - 14:33

Objavljeno

23-05-2022 - 14:16