Description

Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.

INFO

Published Date :

2024-04-10T13:59:46.536Z

Last Modified :

2024-08-01T20:12:07.447Z

Source :

NCSC.ch
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3448 vulnerability.

Vendors Products
Mautic
  • Mautic
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3448.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact