[CVE-2023-33616] Server-side request forgery (SSRF)

Exploit Author: Dat Nguyen aka datnlq of VietSunshine Cyber Security Services

Vendor of Product: CraftCMS

Affected Product Code Base: 3.7.59

CVE: CVE-2023-33614

Description: Craft CMS version 3.7.59 is vulnerable of XSS vulnerability, which allows remote unauthenticated attacker to execute javascript code via error and message parameter.

Steps to reproduce:

Api admin/actions/dashboard/get-feed-items, and admin/actions/dashboard/save-widget-settings are vulnerable of SSRF, which allows user can scan network, finding internal port and internal web applications.

Previous[CVE-2023-33614] Reflected - Cross Site Script (XSS)

Last updated 7 months ago