CVE-2022-41496: SSRF
First published: Thu Oct 13 2022(Updated: )
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| idreamsoft iCMS | =7.0.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-41496?
CVE-2022-41496 is a vulnerability in iCMS v7.0.16 that allows Server-Side Request Forgery (SSRF) attacks.
How severe is CVE-2022-41496?
CVE-2022-41496 has a severity rating of 9.8, which is classified as critical.
How does CVE-2022-41496 work?
CVE-2022-41496 allows an attacker to send requests from the server to another internal or external server, potentially accessing sensitive information or exploiting vulnerabilities.
Which version of iCMS is affected by CVE-2022-41496?
iCMS version 7.0.16 is affected by CVE-2022-41496.
How can I fix CVE-2022-41496?
To fix CVE-2022-41496, update iCMS to a version that includes a patch for the SSRF vulnerability, and ensure that user-supplied URL parameters are properly validated and restricted.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/idreamsoft
- canonical/idreamsoft icms
- version/idreamsoft icms/7.0.16