38 matches found
CVE-2026-2945
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...
CVE-2026-2945
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...
Mogu blog 路径遍历漏洞
Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A path traversal vulnerability exists in Mogu blog v2 5.2 and earlier versions, which stems from the improper handling of the fileUrl parameter in the FileOperation.unzi...
EUVD-2020-23720
Malware in sbrugna...
CVE-2024-48346
xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...
PT-2024-33086 · Xtreme1 · Xtreme1
Name of the Vulnerable Software and Affected Versions: xtreme1 versions prior to 0.9.2 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability. It is triggered through the fileUrl parameter in the "/api/data/upload" API endpoint, allowing an attacker to make arbitrar...
CVE-2024-48346
xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...
CVE-2024-48346
xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...
SUSE CVE-2024-43362
Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving external links in links.php . Morever, the said fileurl is placed in some html code which is passed to the print function in link.php and index.php, finally leading to...
UBUNTU-CVE-2024-43362
Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving external links in links.php . Morever, the said fileurl is placed in some html code which is passed to the print function in link.php and index.php, finally leading to...
PT-2024-7358 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.28 Description: The issue is related to the lack of protection of the web page structure in the Cacti network monitoring tool, specifically in the links.php script. This allows a remote attacker to perform cross-si...
CVE-2024-1117
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The...
CVE-2023-3121
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclose...
Dahua Smart Parking Management 代码问题漏洞
Dahua Smart Parking Management is a parking solution from Dahua, China. A code issue vulnerability exists in Dahua Smart Parking Management 20230528 and prior versions, which stems from an issue with unknown code in the file /ipms/imageConvert/image, where manipulation of the parameter fileUrl ca...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
PT-2022-19985 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild version 2.8.3 Description: A Server-Side Request Forgery SSRF issue allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. This enables attackers to access internal network details...