CVE-2022-41477

Name of the Vulnerable Software and Affected Versions WeBid versions 1.2.2 and earlier

Description A Server-Side Request Forgery (SSRF) issue allows remote attackers to inject payloads via theme parameters in the admin/theme.php file to read files across directories.

Recommendations For WeBid versions 1.2.2 and earlier, consider restricting access to the admin/theme.php file until a patch is available. As a temporary workaround, avoid using the theme parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.