CVE-2019-8982

CRITICAL EXPLOITED NUCLEI

Wavemaker Wavemarker Studio - SSRF

Title source: rule

Description

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.

Exploits (1)

exploitdb WORKING POC

by Gionathan Reale · textwebappsjava

https://www.exploit-db.com/exploits/45158

View Code ZIP pw:eip

Nuclei Templates (1)

Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery

CRITICALby madrobot

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45158

Scores

CVSS v3 9.6

EPSS 0.8571

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-19

CWE

CWE-918

Status published

Products (1)

wavemaker/wavemarker_studio 6.6

Published Feb 21, 2019

Tracked Since Feb 18, 2026