PT-2024-27296 · Blossom Themes · Blossomthemes Email Newsletter

Yuchen Ji

Published

2024-06-26

Updated

2024-06-26

CVE-2024-37098

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BlossomThemes Email Newsletter versions 2.2.6 and earlier

Description A Server-Side Request Forgery (SSRF) issue has been identified. This allows an attacker to trick the server into making unintended requests, potentially leading to unauthorized access to sensitive data or systems.

Recommendations For versions 2.2.6 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2024-37098

Affected Products

Blossomthemes Email Newsletter

PT-2024-27296 · Blossom Themes · Blossomthemes Email Newsletter

CVE-2024-37098

Weakness Enumeration

Related Identifiers

Affected Products

References · 4