First published: Wed Apr 07 2021(Updated: )
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wcms Wcms | =0.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.