CVE-2022-28997 - Server-Side Request Forgery (SSRF) vulnerability in Cszcms 1.3.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- https://i.imgur.com/BwWTfYU.png
- https://i.imgur.com/pzWjkXI.png
- https://i.imgur.com/S1F7MaJ.png
- https://i.imgur.com/xxjxnGk.png
- https://packetstormsecurity.com/files/166613/CSZCMS-1.3.0-SSRF-LFI-Remote-Code-Execution.html