WEB APPLICATION VULNERABILITIES Standard & Premium

WebLogic Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-11987)

Description

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Remediation

References

Related Vulnerabilities

WordPress Plugin LinkedIn by BestWebSoft Cross-Site Scripting (1.0.4)

WordPress Plugin Js-appointment 'searchdata.php' SQL Injection (1.5)

WordPress Plugin Wrapper Link Elementor Malicious Code (1.0.3)

Drupal Other Vulnerability (CVE-2005-3973)

FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029)

Severity

High

Classification

CVE-2020-11987 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Tags

Missing Update Known Vulnerabilities