5.3
CVE-2025-3691
- EPSS 0.46%
- Veröffentlicht 16.04.2025 13:00:15
- Zuletzt bearbeitet 24.04.2025 13:43:43
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Loginmirweiye Seven Bears Library CMS Add Link server-side request forgery
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mirweiye ≫ Seven Bears Library Cms Version < 2023
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.365 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 3.3 | 6.4 | 2.9 |
AV:N/AC:L/Au:M/C:N/I:P/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://vuldb.com/?id.304980
https://vuldb.com/?ctiid.304980
https://vuldb.com/?submit.553507
https://github.com/KKDT12138/CVE/blob/main/cve2.pdf