Exploit for Server-Side Request Forgery in Naviwebs Navigate Cms CVE-2022-28117

Name: Exploit for Server-Side Request Forgery in Naviwebs Navigate Cms CVE-2022-28117
Rating: 5 (137 reviews)

2022-04-06 | CVSS 4.0

## https://sploitus.com/exploit?id=4137F618-BB7F-5F8A-9897-A173EE40EF17
# CVE-2022-28117
Navigate CMS &lt;= 2.9.4 - Server-Side Request Forgery (Authenticated)

# Description
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

# References
- https://nvd.nist.gov/vuln/detail/CVE-2022-28117
- https://www.youtube.com/watch?v=4kHW95CMfD0