CVE-2024-27563

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27563

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27563.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-27563

Published

2024-03-05T17:15:06.947Z

Modified

2025-11-20T12:25:56.680714Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

References

https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md

Affected packages

Git / github.com/robiso/wondercms

Affected ranges

Type: GIT
Repo: https://github.com/robiso/wondercms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f0d74f1d7aea282864311b8b954804179b5f8a97

Affected versions

1.*

1.1.0-beta

1.2.0-beta

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.2.0

2.2.1

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

3.*

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.1.0

3.1.1

3.1.2

3.1.3