Lucene search

[email protected]NVD:CVE-2022-38931

HistorySep 20, 2022 - 8:15 p.m.

CVE-2022-38931

2022-09-2020:15:10

CWE-918

[email protected]

web.nvd.nist.gov

ssrf

remote attackers

arbitrary requests

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.5%

JSON

A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.

Affected configurations

Nvd

Node

baijiacms_projectbaijiacmsMatch4.1.4

VendorProductVersionCPE
baijiacms_projectbaijiacms4.1.4cpe:2.3:a:baijiacms_project:baijiacms:4.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baijiacms_project	baijiacms	4.1.4	cpe:2.3:a:baijiacms_project:baijiacms:4.1.4:::::::*

References

github.com/zer0yu/CVE_Request/blob/master/baijiacms/baijiacmsv4_ssrf.md

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.5%

JSON

Related for NVD:CVE-2022-38931

prion1 osv1 cvelist1 cve1