Vulnerabilities > CVE-2022-28997 - Server-Side Request Forgery (SSRF) vulnerability in Cszcms 1.3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cszcms

CWE-918

NVD

Published: 2022-05-23

Updated: 2022-06-03

Summary

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

Vulnerable Configurations

Part	Description	Count
Application	Cszcms Cszcms Cszcms 1.3.0	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://i.imgur.com/pzWjkXI.png
https://i.imgur.com/BwWTfYU.png
https://i.imgur.com/xxjxnGk.png
https://i.imgur.com/S1F7MaJ.png
https://packetstormsecurity.com/files/166613/CSZCMS-1.3.0-SSRF-LFI-Remote-Code-Execution.html