Description
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
INFO
Published Date :
2024-04-10T13:59:46.536Z
Last Modified :
2024-08-01T20:12:07.447Z
Source :
NCSC.ch
AFFECTED PRODUCTS
The following products are affected by CVE-2024-3448 vulnerability.
| Vendors | Products |
|---|---|
| Mautic |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3448.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact