CVE-2022-45326

Sažetak

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

Reference

http://www.kwoksys.com/wiki/index.php?title=Release_Notes
https://www.navsec.net/2022/11/12/kwoksys-xxe.html
http://www.kwoksys.com/wiki/index.php?title=Release_Notes
https://www.navsec.net/2022/11/12/kwoksys-xxe.html

CVSS

Base:	4.9
Impact:	3.6
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

23-04-2025 - 15:15

Objavljeno

06-12-2022 - 17:15