Vulnerabilities > CVE-2020-35313 - Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wondercms

CWE-918

critical

NVD

Published: 2021-04-20

Updated: 2021-04-23

Summary

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

Vulnerable Configurations

Part	Description	Count
Application	Wondercms Wondercms Wondercms 3.1.3	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://packetstormsecurity.com/files/160310/WonderCMS-3.1.3-Code-Execution-Server-Side-Request-Forgery.html
https://github.com/robiso/wondercms
https://zetc0de.github.io/post/authenticated-rce-ssrf-wondercms/