Server-side Request Forgery in Wcms 0.3.2: Exploiting the Path Parameter in wex/cssjs.php

Server-side Request Forgery in Wcms 0.3.2: Exploiting the Path Parameter in wex/cssjs.php

CVE-2020-24139 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.

Learn more about our Web App Pen Testing.