8 matches found
Server Side Request Forgery
automad is vulnerable to Server Side Request Forgery. The vulnerability is due to improper validation of the importUrl argument within FileController.php. This issue can be exploited by an attacker to perform an internal port scan against the local environment or abuse local services...
GHSA-Q5Q3-QM26-9JWM Authenticated Blind SSRF in automad/automad
automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in importUrl as the import function on the FileController.php file was not properly validating the value of the importUrl argument. This issue may allow attackers to perform a port scan against the local...
Authenticated Blind SSRF in automad/automad
automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in importUrl as the import function on the FileController.php file was not properly validating the value of the importUrl argument. This issue may allow attackers to perform a port scan against the local...
Server side request forgery (ssrf)
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit ha...
CVE-2023-7037
The CVE-2023-7037 entry describes an SSRF flaw in automad up to version 1.10.9, triggered by manipulating the importUrl argument in FileController.php during the import function. This enables remote triggering of SSRF, with discussions of potential internal scans or abuse of local services in rela...
CVE-2023-7037 automad FileController.php import server-side request forgery
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit ha...
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...
Lychee 2.7.1 Remote Code Execution Vulnerability
Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator. Title: Lychee remote code execution Product: Lychee Version: 2.7.1 and probably prior Vendor: lychee.electerious.com Vulnerability type: Remote Code Execution Risk level: High Credit: Filip...