4 matches found
CVE-2024-22203
creationtimestamp| type| source ---|---|--- 2024-01-23 19:26:45+00:00| seen| https://t.me/ctinow/172246 2024-01-30 19:17:11+00:00| seen| https://t.me/ctinow/176188 2024-02-17 11:06:51+00:00| seen| https://t.me/ctinow/186866...
CVE-2024-22203
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...
CVE-2024-22203 Whoogle Search Server Side Request Forgery vulnerability
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...
CVE-2024-22203
Whoogle Search (self-hosted metasearch) is affected in versions before 0.8.4 by an SSRF flaw: the element method in app/routes.py fails to validate user-controlled src_type and element_url, forwarding them to send which performs a GET request. This allows crafting requests to internal and externa...