Vulnerabilities > CVE-2020-24139 - Server-Side Request Forgery (SSRF) vulnerability in Wcms 0.3.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
wcms
CWE-918

Summary

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.

Vulnerable Configurations

Part Description Count
Application
Wcms
1

Common Weakness Enumeration (CWE)