CVE-2022-45326

Name of the Vulnerable Software and Affected Versions Kwoksys Kwok Information Server versions prior to 2.9.5.SP31

Description An XML external entity (XXE) injection issue allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. This enables attackers to manipulate the server into making unauthorized requests, potentially leading to sensitive information disclosure or other malicious activities.

Recommendations For versions prior to 2.9.5.SP31, update to version 2.9.5.SP31 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive server-side resources to minimize the risk of exploitation.