CVE-2024-27561

Published: 2024-03-05T17:15Z

Last Modified: 2025-01-21T15:08Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt