6 matches found
EUVD-2025-38186
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...
CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
StoneFly Storage Concentrator Security Vulnerability
StoneFly Storage Concentrator is a storage concentrator virtual machine from StoneFly. A security vulnerability exists in StoneFly Storage Concentrator versions prior to 8.0.4.26, which originates from allowing remote authenticated users to achieve command injection via a Ping URL, which can lead...
PT-2024-23258 · Stonefly · Stonefly Storage Concentrator
Name of the Vulnerable Software and Affected Versions: StoneFly Storage Concentrator SC and SCVM versions prior to 8.0.4.26 Description: The issue allows remote authenticated users to achieve command injection via a Ping URL, leading to remote code execution. Recommendations: For versions prior t...
CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
CVE-2024-30213
CVE-2024-30213 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The issue allows remote authenticated users to perform command injection via a Ping URL, leading to remote code execution. Affected versions: SC/SCVM before 8.0.4.26. Mitigation: update to 8.0.4.26 or la...