Vulnerability Details CVE-2022-43140
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.758
EPSS Ranking 98.8%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-43140
-
cpe:2.3:a:keking:kkfileview:4.1.0