CVE-2024-13139

Medium CVSS: 5.3

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor

Wangl1989

Product

Mysiteforme

CWE

CWE-918

Yayın Tarihi

2025-01-05 11:15:07

Güncelleme

2025-01-10 21:02:02

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Mysiteforme MEDIUM Wangl1989 2025

Referanslar

https://github.com/wangl1989/mysiteforme/issues/56 https://github.com/wangl1989/mysiteforme/issues/56#issue-2757876365 https://vuldb.com/?ctiid.290213 https://vuldb.com/?id.290213 https://vuldb.com/?submit.468513

Benzer Kayıtlar

Critical

CVE-2025-26136

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

Critical

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

Critical

CVE-2024-57764

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

High

CVE-2024-57765

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.

Critical

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

High

CVE-2024-57767

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.