Vulnerability CVE-2022-28117


Published: 2022-04-28

Description:
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Navigate CMS 2.9.4 Server-Side Request Forgery (SSRF) (Authenticated)
cheshireca7
17.06.2022

 References:
https://www.youtube.com/watch?v=4kHW95CMfD0
https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_5

Copyright 2022, cxsecurity.com

 

Back to Top