
CVE-2023-45966

Published: 23/10/2023 Updated: 30/10/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.


remark42 remark42

Github Repositories

Blind SSRF in umputun/remark42 <= 1.12.1

CVE-2023-45966 Blind SSRF in umputun/remark42 <= 1.12.1

[Suggested description] An issue was found in umputun/remark42 <= 1.12.1. Malicious JSON in POST request to /api/v1/comment?site=<SITE_ID> leads to Blind SSRF due to missing title field and insufficient filtering of url field in comment creation request.

[Additional Information] Fixed in commit: