Lucene search

K
nvd[email protected]NVD:CVE-2023-3744
HistoryOct 02, 2023 - 2:15 p.m.

CVE-2023-3744

2023-10-0214:15:09
CWE-918
web.nvd.nist.gov
3
slims
ssrf
vulnerability
scrape_image.php
imageurl parameter

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

25.5%

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the “scrape_image.php” file in the imageURL parameter.

Affected configurations

Nvd
Node
slimssenayan_library_management_systemMatch9.6.0
VendorProductVersionCPE
slimssenayan_library_management_system9.6.0cpe:2.3:a:slims:senayan_library_management_system:9.6.0:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

25.5%

Related for NVD:CVE-2023-3744