Vulnerability Details CVE-2020-24140
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.8%
CVSS Severity
CVSS v3 Score 8.3
CVSS v2 Score 7.5
References