Server-side Request Forgery (SSRF) in Wcms 0.3.2: Exploiting the Pagename Parameter to Perform Command Execution and Network Scanning

Server-side Request Forgery (SSRF) in Wcms 0.3.2: Exploiting the Pagename Parameter to Perform Command Execution and Network Scanning

CVE-2020-24140 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.

Learn more about our Web App Pen Testing.