PT-2017-11650 · Finecms · Finecms
Passtion
·
Publicado
2017-07-06
·
Atualizado
2017-07-17
·
CVE-2017-10973
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
FineCMS versions prior to 2017-07-06
Description
The issue is related to Server-Side Request Forgery (SSRF) in the application/lib/ajax/get image data.php file. It occurs when requests are made for non-image files with a modified HTTP Host header.
Recommendations
For versions prior to 2017-07-06, update to a version released after 2017-07-06 to resolve the issue.
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Finecms