CVE-2022-28117 PoC — Navigate CMS code issue vulnerability

Source
Associated Vulnerability
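Title: Navigate CMS code issue vulnerability (CVE-2022-28117)
Description: Naviwebs Navigate CMS is an open-source content management system (CMS) from the US company Naviwebs. Navigate CMS v2.9.4 has a security vulnerability that allows remote attackers to force the application to make arbitrary requests by injecting arbitrary URLs into the feed parameter.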
Description
Navigate CMS <= 2.9.4 - Server-Side Request Forgery (Authenticated)
Readme
# CVE-2022-28117
Navigate CMS <= 2.9.4 - Server-Side Request Forgery (Authenticated)

# Description
A Server-Side Request Forgery (SSRF) in the feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

# References
- https://nvd.nist.gov/vuln/detail/CVE-2022-28117
- https://www.youtube.com/watch?v=4kHW95CMfD0
File Snapshot

[4.0K] /data/pocs/3abf6ca8df91fb94b4c3b628422ed10bacd23873
├── [3.7K] CVE-2022-28117.py
└── [ 427] README.md

0 directories, 2 files