7 matches found
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36845
creationtimestamp| type| source ---|---|--- 2025-07-22 00:54:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lujc6n4paj2j 2026-01-16 07:26:42+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-36845.yaml 2026-01-17...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
EUVD-2025-22140
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36846
CVE-2025-36846 affects Eveo URVE Web Manager 27.02.2025. The issue is an OS Command Injection in the /_internal/pc/vpro.php endpoint, where an input parameter is passed directly to PHP shell_exec(), enabling arbitrary command execution. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no p...
CVE-2025-36845
CVE-2025-36845 affects Eveo URVE Web Manager 27.02.2025. A server-side request forgery exists in /_internal/redirect.php due to improper validation of the URL input, enabling the app server to request internal endpoints and reflect content in the response. The Nuclei template confirms the SSRF pa...