Description

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

Remediation

References

https://www.youtube.com/watch?v=JE1Kcq3iJpc

Related Vulnerabilities

CVE-2023-28155 Vulnerability in maven package org.webjars.npm:request

CVE-2020-8175 Vulnerability in maven package org.webjars.npm:jpeg-js

CVE-2022-0853 Vulnerability in maven package jboss:jboss-client

CVE-2023-41578 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2013-7285 Vulnerability in maven package com.thoughtworks.xstream:xstream

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory