Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XRaytha
APPRaytha< 1.4.6
Powiązane podatności
Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The...
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to applicat...
Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Auth...
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special w...
Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality....