1. Home
  2. CVE Database
  3. CVE-2024-41305
MEDIUM · 4.7

CVE-2024-41305

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl ...

Vulnerability Description

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
WondercmsWondercms3.4.3

Related Weaknesses (CWE)

CWE-918CWE-352

References

FAQ

What is CVE-2024-41305?

CVE-2024-41305 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl ...

How severe is CVE-2024-41305?

CVE-2024-41305 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41305?

Check the references section above for vendor advisories and patch information. Affected products include: Wondercms Wondercms.