CVE-2021-27312

CRITICAL9.0EPSS 2.5%

Gleez Cms Server Side Request Forgery (SSRF) vulnerability

Published: 4/3/2024Modified: 4/3/2024

Description

Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.

Affected packages (1)

Packagist/gleez/cmsfrom 0, <= 1.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-27312
PATCHhttps://github.com/gleez/cms
WEBhttps://gist.github.com/LioTree/8d10d123d31f50db05a25586e62a87ba
WEBhttps://github.com/gleez/cms/issues/805