CVE-2022-28997

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.
References
Link Resource
https://i.imgur.com/pzWjkXI.png Exploit Third Party Advisory
https://i.imgur.com/BwWTfYU.png Exploit Third Party Advisory
https://i.imgur.com/xxjxnGk.png Exploit Third Party Advisory
https://i.imgur.com/S1F7MaJ.png Exploit Third Party Advisory
https://packetstormsecurity.com/files/166613/CSZCMS-1.3.0-SSRF-LFI-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cszcms:cszcms:1.3.0:*:*:*:*:*:*:*

Information

Published : 2022-05-23 07:16

Updated : 2022-06-03 07:33


NVD link : CVE-2022-28997

Mitre link : CVE-2022-28997


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

cszcms

  • cszcms