Description

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

Remediation

References

https://www.youtube.com/watch?v=JE1Kcq3iJpc

Related Vulnerabilities

CVE-2020-7712 Vulnerability in npm package json

CVE-2020-13951 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

CVE-2022-48285 Vulnerability in maven package org.webjars.npm:github-com-stuk-jszip

CVE-2022-1295 Vulnerability in maven package org.webjars.bower:fullpage.js

CVE-2023-29512 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory