200 matches found
Server-Side Request Forgery (SSRF)
flarum/core and flarum/framework are vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists due to the insecure implementation of the avatar upload functionality, which allows an attacker to upload files containing malicious URLs by spoofing the MIME type, resulting in SSRF...
CVE-2023-40033
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...
Server side request forgery (ssrf)
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...
GHSA-67C6-Q4J4-HCCG Flarum vulnerable to LFI and Blind SSRF via Avatar upload
Impact The Flarum forum software is affected by a vulnerability that allows an attacker to conduct a Blind SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulat...
Flarum vulnerable to LFI and Blind SSRF via Avatar upload
Impact The Flarum forum software is affected by a vulnerability that allows an attacker to conduct a Blind SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulat...
CVE-2023-40033 Server-Side Request Forgery via Avatar upload in flarum
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...
CVE-2023-40033 Server-Side Request Forgery via Avatar upload in flarum
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...
CVE-2023-40033
CVE-2023-40033 affects Flarum (forum software). The root cause is the intervention/image package interpreting uploaded file contents as a URL, enabling a blind SSRF attack and disclosure of server files when a user uploads a URL-laden file with a spoofed MIME type. Exploitation leads to SSRF, loc...
CVE-2023-40033 Server-Side Request Forgery via Avatar upload in flarum
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...
PT-2023-7222 · Flarum +1 · Flarum +1
Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.0 Description: The issue allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. This is due to the...
Flarum 代码问题漏洞
Flarum is an open source forum system for the Flarum community. A code issue vulnerability exists in Flarum versions prior to 1.8.0 that stems from a vulnerability that allows an attacker to disclose any file on the server via an SSRF attack, even if it is a basic user account on a Flarum forum,...
Path Traversal
flarum/core and flarum/framework is vulnerable to Path Traversal. The vulnerability exists because the whenSettingsSaving function in ValidateCustomLess.php does not properly restrict the custom LESS setting, which allows an attacker to access files outside the expected directory and read sensiti...
CVE-2023-27577
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
Path traversal
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
CVE-2023-27577
Summary : CVE-2023-27577 affects flarum prior to 1.7.0. A compromised admin account can exploit a flaw in the LESS parser to perform path traversal and read sensitive server files (e.g., /etc/passwd) by supplying an absolute path in the custom LESS setting. The vulnerability’s impact depends on t...
CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
Flarum 路径遍历漏洞
Flarum is an open source forum system for the Flarum community. A path traversal vulnerability exists in Flarum versions prior to 1.7.0. An attacker can exploit this vulnerability to access files and directories stored outside the web root folder...
PT-2023-21219
Name of the Vulnerable Software and Affected Versions flarum versions prior to 1.7.0 Description The issue affects the LESS parser in flarum, allowing an attacker with a compromised admin account to read sensitive files on the server using path traversal techniques. This can be achieved by...