PT-2022-12569 · Unknown · Ligeo Archives Ligeo Basics

Published

2022-03-17

Updated

2022-03-24

CVE-2021-46107

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ligeo Archives Ligeo Basics as of 02 01-2022

Description The issue allows an attacker to read any documents via the download features due to Server Side Request Forgery (SSRF). This means an attacker can exploit the vulnerability to access sensitive information.

Recommendations For Ligeo Archives Ligeo Basics as of 02 01-2022, consider restricting access to the download features until a fix is available. As a temporary workaround, limit the ability to read documents via the download features to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2021-46107

Affected Products

Ligeo Archives Ligeo Basics

PT-2022-12569 · Unknown · Ligeo Archives Ligeo Basics

CVE-2021-46107

Weakness Enumeration

Related Identifiers

Affected Products

References · 5