Mysiteforme
CVE-2022-29309
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
AnalysisAI
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. Affected products include: Wangl1989 Mysiteforme.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Mysiteforme
View allA SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. Rated critical severity (CVSS 9.8), thi
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. R
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. Ra
A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely
A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely
A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Rated medium severity (CVSS 5.3), thi
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today