cve/CVE-2024-3448.md at 1fb02038e87a1b489511d558fdadb673d8f4753f

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08

2025-09-29 16:08:36 +00:00

Description

Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.

POC

Reference

No PoCs from references.

Github

https://github.com/ZHAW-Infosec-Research-Group/A2CT
https://github.com/fkie-cad/nvd-json-data-feeds

939 B Raw Blame History

CVE-2024-3448

Description

POC

Reference

Github

939 B

Raw Blame History