CVE-2021-45851

Published: Mar 16, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

Affected (1)

Products: Frangoteam: Fuxa

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Frangoteam Fuxa	Version 1.1.3

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://www.youtube.com/watch?v=JE1Kcq3iJpc

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=JE1Kcq3iJpc

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.