
18 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-48269

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00057
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-47923

Malicious code in bioql PyPI...

CVSS 5.1, AI score 3.9, EPSS 0.00126
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 10:21 a.m., 4 views

CVE-2024-7330

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The...

CVSS 6.5, AI score 6.8, EPSS 0.00057
Exploits: 1, References: 1
NVD
added 2024/10/25 9:15 p.m., 11 views

CVE-2024-48232

An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery SSRF vulnerability that can read serv...

CVSS 4.9, EPSS 0.00107
Exploits: 1, References: 1
CVE
added 2024/10/25 12:00 a.m., 83 views

CVE-2024-48234

The CVE-2024-48234 issue affects mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php, the postAddress parameter is not validated and is passed directly to curl_exec, enabling server-side request forgery (SSRF) that can read server files. Red Hat and NVD entries confirm the same ...

CVSS 4.9, AI score 6.8, EPSS 0.00111
Exploits: 0, References: 1
Vulnrichment
added 2024/10/25 12:00 a.m., 9 views

CVE-2024-48234

An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery SSRF vulnerability that can read server file...

AI score 7.3, EPSS 0.00111
Exploits: 0, References: 1
CVE
added 2024/10/25 12:00 a.m., 77 views

CVE-2024-48232

CVE-2024-48232 affects mipjz 5.0.5. The issue is in the mipPost method of \app\setting\controller\ApiAdminTool.php, where the postAddress parameter is not validated and is passed directly to curl_exec, enabling Server-Side Request Forgery (SSRF) that can read server files. Documented across NVD/R...

CVSS 4.9, AI score 7.2, EPSS 0.00107
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2024/08/01 12:15 a.m., 8 views

CVE-2024-7330

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The...

CVSS 6.5, EPSS 0.00057
Exploits: 1, References: 4
CVE
added 2024/07/31 11:31 p.m., 42 views

CVE-2024-7330

Summary: CVE-2024-7330 affects YouDianCMS v7, where the url argument in the function curl_exec located at /App/Core/Extend/Function/ydLib.php can be manipulated to perform server-side request forgery (SSRF). The vulnerability is exploitable remotely, and public disclosures exist. The available co...

CVSS 6.5, AI score 6.5, EPSS 0.00057
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2024/07/31 11:31 p.m., 20 views

CVE-2024-7330 YouDianCMS ydLib.php curl_exec server-side request forgery

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The...

CVSS 6.5, EPSS 0.00057
Exploits: 1, References: 4
Vulnrichment
added 2024/07/31 11:31 p.m., 12 views

CVE-2024-7330 YouDianCMS ydLib.php curl_exec server-side request forgery

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The...

CVSS 6.5, AI score 7, EPSS 0.00057
Exploits: 1, References: 4
CNNVD
added 2024/07/31 12:00 a.m., 2 views

YouDianCMS code issue vulnerability

YouDianCMS YouDian CMS is a website builder from China YouDian Company. A code issue vulnerability exists in YouDianCMS version 7, which stems from the parameter url in the file curl_exec /App/Core/Extend/Function/ydLib.php that can lead to server-side request forgery...

CVSS 6.5, AI score 6.6, EPSS 0.00057
Exploits: 1, References: 2
Cvelist
added 2024/07/21 4:00 a.m., 14 views

CVE-2024-6937 formtools.org Form Tools Import Option List edit.php curl_exec file inclusion

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/optionlists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion. It is possible to...

CVSS 5.1, EPSS 0.00126
Exploits: 0, References: 4
Huntr
added 2021/12/30 1:00 p.m., 16 views

Server-Side Request Forgery (SSRF) in rodber/chevereto-free

Description There was some hardening done previously against private IP addresses in the SSRF vulnerability I disclosed in the previous report https://github.com/rodber/chevereto-free/. However the checks can be bypassed by URL redirection. Proof of Concept If http://example.com resolves to a...

AI score 0.1
Exploits: 0
OSV
added 2018/08/18 2:29 a.m., 14 views

CVE-2018-15495

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value...

CVSS 7.5, AI score 6.8
Exploits: 0, References: 2
CVE
added 2018/08/18 2:00 a.m., 36 views

CVE-2018-15495

CVE-2018-15495 affects Responsive FileManager prior to 9.13.3. The vulnerability allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, demonstrated by file:///etc/passwd. Several connected records (OSV and related entries) note that a fix existed but ...

CVSS 7.5, AI score 7.8, EPSS 0.00392
Exploits: 1, References: 2, Affected Software: 1
seebug.org
added 2014/07/01 12:00 a.m., 12 views

MaxForum 1.0.0 - Local File Inclusion

No description provided by source. +---------------------------------------+ | MaxForum v1.0.0 Local File Inclusion | +---------------------------------------+ Author.............: ahwak2000 Mail...............: z.u5athotmaildotcom Software link......: http://www.max4dev.com/ Tested versions....:...

AI score 7.1
Exploits: 0
Packet Storm
added 2008/07/01 12:00 a.m., 28 views

pivot-disclosure.txt

?php / Pivot 1.40.5 'Dreamwind' loadtemplate credentials disclosure exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.pivotlog.net/ Google dork: "by Pivot - 1.40.5" +'Dreadwind' -pivotlog.net vulnerability: search.php - lines 98-109: ... ...

AI score 7.4
Exploits: 0