7218 matches found
Server-side Request Forgery (SSRF)
Overview: magento/project-community-edition is an eCommerce Platform for Growth Community Edition. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the injection of arbitrary URLs. An admin-privilege authenticated attacker can force the application to mak...
Server-side Request Forgery (SSRF)
Overview: magento/project-community-edition is an eCommerce Platform for Growth Community Edition. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the injection of arbitrary URLs. An admin-privilege authenticated attacker can force the application to make...
Server-side Request Forgery (SSRF)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the injection of arbitrary URLs. An admin-privilege authenticated attacker can force the application to make arbitrary requests,...
CVE-2023-3235
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function picapi of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploi...
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...
PT-2023-23762 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62. Description: A critical issue has been found in OTCMS, affecting the processing of the file /admin/read.php?mudi=getSignal. The manipulation of the signalUrl argument leads to server-side request forgery. This issue...
mccms code issue vulnerability
mccms diffuse city CMS is China's smoke and rain Jiangnan chshcms individual developers of a rapid site-building system. A code issue vulnerability exists in versions prior to mccms 2.6.5, which stems from incorrect manipulation of the parameter url leading to server-side request forgery...
mccms code issue vulnerability
mccms diffuse city CMS is a rapid website building system for individual developers of China Smokey River South chshcms. A code issue vulnerability exists in versions prior to mccms 2.6.5, which stems from the fact that incorrect manipulation of the parameter pic can lead to server-side request...
Zhongbang CRMEB code issue vulnerability
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A code issue vulnerability exists in Zhongbang CRMEB versions prior to 4.6.0. An attacker could exploit this vulnerability to conduct server-side request forgery attacks...
PT-2023-23743 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms versions up to 2.6.5. Description: A critical issue affects the function pic api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched...
PT-2023-23732 · Zhong Bang · Zhong Bang Crmeb
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB versions up to 4.6.0. Description: A critical issue has been found, affecting the get image base64 function of the file api/controller/v1/PublicController.php. This leads to server-side request forgery and can be launched...
CVE-2023-25609
A server-side request forgery (SSRF) vulnerability (CWE-918) in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests...
PT-2023-3762 · Fortinet · Fortianalyzer +1
Name of the Vulnerable Software and Affected Versions: FortiManager and FortiAnalyzer GUI versions 6.4.8 through 6.4.11; FortiManager and FortiAnalyzer GUI versions 7.0.0 through 7.0.6; FortiManager and FortiAnalyzer GUI versions 7.2.0 through 7.2.1. Description: A server-side request forgery (SSRF)...
CVE-2023-3188
Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0...
CVE-2023-2249
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function...
CVE-2023-1895
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...
CVE-2023-34959
An issue in Chamilo v1.11. up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools...
Chamilo LMS code issue vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo versions v1.11. through v1.11.18. ...