CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
References
Link Resource
https://www.exploit-db.com/exploits/45158 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:wavemaker:wavemarker_studio:6.6:*:*:*:*:*:*:*

Information

Published : 2019-02-21 02:29

Updated : 2019-02-21 07:56


NVD link : CVE-2019-8982

Mitre link : CVE-2019-8982

Products Affected
No products.
CWE
CWE-918

Server-Side Request Forgery (SSRF)