Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0 allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.
Permalink: https://github.com/advisories/GHSA-7mxg-r76p-363g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-7mxg-r76p-363g, CVE-2021-27312
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27312
- https://github.com/gleez/cms/issues/805
- https://gist.github.com/LioTree/8d10d123d31f50db05a25586e62a87ba
- https://github.com/advisories/GHSA-7mxg-r76p-363g
Blast Radius: 1.0
Affected Packages
packagist:gleez/cms
Dependent packages: 0
Dependent repositories: 0
Downloads: 8 total
Affected Version Ranges: <= 1.2.0
No known fixed version
All affected versions: