3 matches found
CVE-2023-28633
creationtimestamp| type| source ---|---|--- 2023-04-05 20:26:32+00:00| seen| https://t.me/cibsecurity/61479...
CVE-2023-28633
GLPI exposes a server-side request forgery (SSRF) in RSS feed handling affecting versions prior to 9.5.13 and 10.0.7 (including older 0.84 lineage). When an RSS feed URL is invalid, the autodiscovery feature is triggered without validating safety/URLs, potentially enabling unauthorized network re...
CVE-2023-28633 GLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feeds
GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery SSRF. In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature...