CVE-2024-41305

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-918
View all →

Vulnerability Description

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

Related Vulnerabilities

CVE-2020-14296

HIGH
CVSS:7.1(High)

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal netwo...

CWE-9182020

CVE-2021-31828

HIGH
CVSS:7.1(High)

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceedi...

CWE-9182021

CVE-2022-21697

HIGH
CVSS:7.1(High)

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploy...

CWE-9182022

CVE-2022-2756

HIGH
CVSS:7.1(High)

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

CWE-9182022

CVE-2022-44729

HIGH
CVSS:7.1(High)

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trig...

CWE-9182022

CVE-2023-34370

HIGH
CVSS:7.1(High)

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects ...

CWE-9182023