Description
A Server-Side Request Forgery (SSRF) vulnerability in FUXA 1.1.3 allows an attacker to obtain sensitive information from the server's internal environment and services, potentially leading to the attacker executing commands on the server.
Remediation
References
https://www.youtube.com/watch?v=JE1Kcq3iJpc