5 matches found
Incomplete fix for SSRF in CVE-2023-4651
Description The fix commit a6bf758de0b3242b0c0e4b47a588aae0c94305b0 for CVE-2023-4651 is not complete. Only ip based URLs are blocked. Proof of Concept Clone the latest repo and install. On server, listen for 1234 on localhost. Use http://localhost:1234/ as URL for image upload. Observe a hit on...
CVE-2023-4651
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4651 Server-Side Request Forgery (SSRF) in instantsoft/icms2
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4651 Server-Side Request Forgery (SSRF) in instantsoft/icms2
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4651
CVE-2023-4651 describes a Server-Side Request Forgery (SSRF) in instantsoft/icms2 prior to 2.16.1. Affected component: icms2 server handling image/url fetches. Root cause: SSRF in how URLs are processed, allowing the server to make unintended requests. Impact: as described by the sources, potenti...