Description

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php.

Related CPE's

a

ndk-design

ndkadvancedcustomizationfields

*

*

*

*

*

prestashop

Vulnerable

References

http://ndkadvancedcustomizationfields.com

Broken LinkNot ApplicableURL Repurposed

https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40842/poc.txt

ExploitThird Party Advisory

http://ndkadvancedcustomizationfields.com

Broken LinkNot ApplicableURL Repurposed

https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40842/poc.txt

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-918

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-22T00:15:32.507Z

3 years ago

Last modified

2025-04-29T14:15:24.720Z

11 months ago