24 matches found
Arbitrary Command Injection
Overview: mcp-server-rijksmuseum is a Affected versions of this package are vulnerable to Arbitrary Command Injection via the openimageinbrowser function. An attacker can execute arbitrary operating system commands by manipulating the imageUrl argument remotely. Remediation: There is no fixed versi...
CVE-2025-61488
An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...
CVE-2025-61488
CVE-2025-61488 affects SLiMS (Senayan Library Management System) 9 Bulian v.9.6.1. Red Hat and other sources describe a vulnerability in scrap_image.php via the imageURL parameter that could allow a remote attacker to execute arbitrary code. The CVSS-like metrics indicate network access, high...
CVE-2023-3744
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...
CVE-2023-30019
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
CVE-2020-26948
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...
JeecgBoot JimuReport Security Vulnerability
JeecgBoot is a Chinese Java low-code platform for enterprise web applications. A security vulnerability exists in JeecgBoot JimuReport version 1.6.1 and prior versions, which stems from an incorrect manipulation of the parameter imageUrl that can lead to relative path traversal...
CVE-2023-3744
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...
CVE-2023-3744
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...
Server side request forgery (ssrf)
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...
CVE-2023-3744 Server-Side Request Forgery in SLiMS
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...
SLims Code Issue Vulnerability
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A code issue vulnerability exists in SLims version 9.6.0, which stems from a...
Server-side Request Forgery (SSRF)
github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists due to unsafe sanitation of the imageURL parameter, which allows an attacker to cause server-side request forgery...
GHSA-9X7H-GGC3-XG47 imgproxy is vulnerable to Server-Side Request Forgery
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
PT-2023-22513 · Imgproxy · Imgproxy
Name of the Vulnerable Software and Affected Versions: imgproxy versions 3.14.0 and earlier; imgproxy prior to version 3.15.0. Description: The issue is related to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. This allows for potential exploitation...
imgproxy Code Issue Vulnerability
imgproxy is a fast and secure standalone server, maintained by an individual developer, for tweaking and converting remote images. A security vulnerability exists in imgproxy version 3.14.0 and earlier versions, which stems from a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...