vendor:
Wavemaker Studio
by:
Gionathan "John" Reale
9.6
CVSS
CRITICAL
Server-Side Request Forgery (SSRF)
Unknown
CWE
Product Name: Wavemaker Studio
Affected Version From: 6.6
Affected Version To: 6.6
Patch Exists: NO
Related CWE: CVE-2019-8982
CPE: wavemaker
Tags: cve,cve2019,wavemaker,lfi,ssrf,edb
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Nuclei Metadata: {'max-request': 1, 'vendor': 'wavemaker', 'product': 'wavemarker_studio'}
Platforms Tested: Parrot OS
2018
Wavemaker Studio 6.6 – Server-Side Request Forgery (SSRF)
Wavemaker Studio 6.6 contains an exploitable unvaildated parameter allowing an attacker to pass dangerous content to a victim via a phishing link. The vulnerability can also be exploited to access sensitive data or to use the server hosting Wavemaker as a form of HTTP proxy among other things.
Mitigation:
Unknown