PT-2021-10373 · Flycms · Flycms
M4Yfly · Published 2021-04-01 · Updated 2021-04-06 · CVE-2020-19613
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
FlyCMS version 20190503
Description:
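A server-side request forgery (SSRF) issue exists in the saveUrlAs function in ImagesService.java. According to the CVSS vector above, it can be exploited over the network without authentication or user interaction, and the impact is on confidentiality.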
Recommendations:
For FlyCMS version 20190503, consider disabling the saveUrlAs function in ImagesService.java as a temporary workaround until a patch is available. Restrict access to the ImagesService.java module to minimize the risk of exploitation.
Exploit
Fix
SSRF
Affected Products
Flycms