3 matches found
CVE-2023-46736
EspoCRM is an Open Source CRM Customer Relationship Management software. In affected versions there is Server-Side Request Forgery SSRF vulnerability via the upload image from url api. Users who have access to the /Attachment/fromImageUrl endpoint can specify URL to point to an internal host. Eve...
CVE-2023-46736
creationtimestamp| type| source ---|---|--- 2023-12-24 15:26:22+00:00| seen| https://t.me/ctinow/159040...
CVE-2023-46736
CVE-2023-46736 affects EspoCRM, with a Server-Side Request Forgery (SSRF) vulnerability in the image URL upload flow via the path “/Attachment/fromImageUrl”. The flaw allows an attacker with access to that endpoint to specify an internal URL, bypass content-type checks via redirects, and potentia...