CVE-2024-27563

Published: 2024-03-05T17:15Z

Last Modified: 2025-01-21T15:08Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt