PT-2022-18822 · Unknown · Navigate CMS
Published: 2022-04-28 · Updated: 2023-12-29 · CVE-2022-28117
CVSS v3.1: 4.9 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Navigate CMS version 2.9.4
Description
A Server-Side Request Forgery (SSRF) in the feed parser class allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
Recommendations
To prevent exploitation of the SSRF issue in Navigate CMS version 2.9.4, consider disabling the feed parser class until a patch is available. Restrict access to the feed parameter in the affected API endpoint to minimize the risk of exploitation.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Navigate CMS