Vulnerability Details : CVE-2021-28941
Potential exploit
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.
Vulnerability category: Server-side request forgery (SSRF)
Products affected by CVE-2021-28941
- cpe:2.3:a:magpierss_project:magpierss:0.72:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-28941
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 38 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-28941
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2021-28941
-
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-28941
-
https://pastebin.com/kpzHKKJu
MagpieRSS 0.72 Command injection/code injection and Internal Server side request forgery. - Pastebin.comExploit;Third Party Advisory
-
https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660
magpierss/Snoopy.class.inc at 04d2a88b97fdba5813d01dc0d56c772d97360bb5 · kellan/magpierss · GitHubThird Party Advisory
Jump to