Vulnerability
WaveMaker studio is your one stop shop to combine the speed of low-code with the power of custom code. There are Local File Inclusion and Server Side Request Forgery vulnerabilities in Wavemaker Studio 6.6. com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mismanages the studioService.download?method=getContent&inUrl= value resulting in local file disclosure and SSRF.
Mitigation / Precaution
We suggest that you need to update to the latest version.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
