CVE-2021-27312 – gleez/cms

Package

Manager: composer
Name: gleez/cms
Vulnerable Version: >=0 <=1.2.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.01935 pctl0.82693

Details

Gleez Cms Server Side Request Forgery (SSRF) vulnerability Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.

Metadata

Created: 2024-04-03T06:30:48Z
Modified: 2024-04-03T15:34:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-7mxg-r76p-363g/GHSA-7mxg-r76p-363g.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-7mxg-r76p-363g
Finding: F100
Auto approve: 1