PT-2022-21629 · Halo Cms · Halo Cms

Zongdeiqianxing · Published 2022-06-27 · Updated 2022-07-06 · CVE-2022-32995

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Halo CMS version 1.5.3

Description: The issue is related to a Server-Side Request Forgery (SSRF) in the template remote download function. This allows an attacker to forge requests from the server, potentially leading to unauthorized access to internal resources.

Recommendations: For Halo CMS version 1.5.3, consider disabling the template remote download function as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation.

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2022-32995

Affected Products

Halo Cms