Vulnerability Details CVE-2022-43140
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.793
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2022-43140
- cpe:2.3:a:keking:kkfileview:4.1.0