How severe is CVE-2022-24789?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2022-24789?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2022-24789

HIGH Year: 2022

CVSS v3 Score

7.6

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-918

View all →

Vulnerability Description

C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist.

CVE-2020-6275

HIGH

CVSS:7.6(High)

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path n...

CWE-9182020

CVE-2022-0425

HIGH

CVSS:7.6(High)

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.

CWE-9182022

CVE-2024-13957

HIGH

CVSS:7.6(High)

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Ser...

CWE-9182024

CVE-2024-5746

HIGH

CVSS:7.6(High)

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitH...

CWE-9182024

CVE-2024-9624

HIGH

CVSS:7.6(High)

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. T...

CWE-9182024

CVE-2025-1912

HIGH

CVSS:7.6(High)

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the valida...

CWE-9182025

CVE-2022-24789

Vulnerability Description

Related Vulnerabilities

CVE-2020-6275

CVE-2022-0425

CVE-2024-13957

CVE-2024-5746

CVE-2024-9624

CVE-2025-1912