CVE-2022-45835

EPSS 64.29%
Veröffentlicht 13.11.2023 03:15:07
Zuletzt bearbeitet 21.11.2024 07:29:48
Quelle audit@patchstack.com
CVE-Watchlists
Login
Unerledigt
Login

PhonePe Payment Solutions <= 1.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery

Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.

Mögliche Gegenmaßnahme

PhonePe Payment Solutions: Update to version 2.0.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt PhonePe Payment Solutions

Version *-1.0.15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phonepe ≫ Phonepe SwPlatformwordpress Version <= 1.0.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	64.29%	0.984

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
audit@patchstack.com	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf?_s_id=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/8f24f7e2-2516-4f4d-955f-f3f6001cbce7

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45835

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45835

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45835

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-45835