Lucene search
K

5 matches found

Huntr
Huntr
added 2023/09/04 9:11 a.m.36 views

Incomplete fix for SSRF in CVE-2023-4651

Description The fix commit a6bf758de0b3242b0c0e4b47a588aae0c94305b0 for CVE-2023-4651 is not complete. Only ip based URLs are blocked. Proof of Concept Clone the latest repo and install. On server, listen for 1234 on localhost. Use http://localhost:1234/ as URL for image upload. Observe a hit on...

5.5CVSS7AI score0.00349EPSS
Exploits2References1
NVD
NVD
added 2023/08/31 1:15 a.m.24 views

CVE-2023-4651

Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...

6.4CVSS5.8AI score0.00349EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/08/31 12:0 a.m.24 views

CVE-2023-4651 Server-Side Request Forgery (SSRF) in instantsoft/icms2

Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...

6.4CVSS5.8AI score0.00349EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/08/31 12:0 a.m.10 views

CVE-2023-4651 Server-Side Request Forgery (SSRF) in instantsoft/icms2

Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...

6.4CVSS6.8AI score0.00349EPSS
Exploits1References2
CVE
CVE
added 2023/08/31 12:0 a.m.38 views

CVE-2023-4651

CVE-2023-4651 describes a Server-Side Request Forgery (SSRF) in instantsoft/icms2 prior to 2.16.1. Affected component: icms2 server handling image/url fetches. Root cause: SSRF in how URLs are processed, allowing the server to make unintended requests. Impact: as described by the sources, potenti...

6.4CVSS5.6AI score0.00349EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder