PT-2022-20725 · Nbnbk Cms · Nbnbk Cms

Zer0Yu · Published 2022-06-09 · Updated 2022-06-15 · CVE-2022-31386

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: nbnbk cms version 3

Description: A Server-Side Request Forgery (SSRF) issue exists in the getFileBinary function, allowing attackers to force the application to make arbitrary requests by injecting arbitrary URLs into the URL parameter.

Recommendations: For nbnbk cms version 3, consider restricting access to the getFileBinary function until a patch is available, and avoid using arbitrary URLs in the URL parameter to minimize the risk of exploitation.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-31386

Affected Products

Nbnbk Cms