Vulnerabilities > CVE-2022-28117 - Server-Side Request Forgery (SSRF) vulnerability in Naviwebs Navigate CMS 2.9.4

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

naviwebs

CWE-918

NVD

Published: 2022-04-28

Updated: 2022-05-12

Summary

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

Vulnerable Configurations

Part	Description	Count
Application	Naviwebs Naviwebs Navigate CMS 2.9.4	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.youtube.com/watch?v=4kHW95CMfD0
https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_5
http://packetstormsecurity.com/files/167063/Navigate-CMS-2.9.4-Server-Side-Request-Forgery.html