Skip to main content

Mysiteforme CVE-2022-29309

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2022-05-24 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 24, 2022 - 03:15 nvd
HIGH 7.5

DescriptionNVD

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.

AnalysisAI

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. Affected products include: Wangl1989 Mysiteforme.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2025-26136 CRITICAL
9.8 Mar 04

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. Rated critical severity (CVSS 9.8), thi

CVE-2024-57767 HIGH POC
8.6 Jan 15

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.

CVE-2024-57766 CRITICAL POC
9.1 Jan 15

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table

CVE-2024-57765 HIGH POC
7.5 Jan 15

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. R

CVE-2024-57764 CRITICAL POC
9.1 Jan 15

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table

CVE-2024-57763 CRITICAL POC
9.1 Jan 15

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table

CVE-2024-57762 HIGH POC
7.5 Jan 15

MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. Ra

CVE-2024-13139 MEDIUM POC
5.3 Jan 05

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely

CVE-2024-13138 MEDIUM POC
5.1 Jan 05

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely

CVE-2024-13137 MEDIUM POC
5.1 Jan 05

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely

CVE-2024-13136 MEDIUM POC
5.3 Jan 05

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Rated medium severity (CVSS 5.3), thi

Share

CVE-2022-29309 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy