Allen Disk Cross-Site Request Forgery Vulnerability (CNVD-2017-11653)

Allen Disk is a free, open source cloud-based hard disk product that features encrypted file storage, online preview, file sharing and more. A cross-site request forgery vulnerability exists in the remotedownload.php file in Allen Disk version 1.6. A remote attacker can exploit this vulnerability...

Server side request forgery (ssrf)

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter...

CVE-2017-9307

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter...

CVE-2017-9307

The CVE-2017-9307 entry concerns a known SSRF issue in Allen Disk 1.6, specifically in remotedownload.php, where a crafted file parameter can be used by remote authenticated users to perform port scans and reach internal network services. The related connected documents corroborate that remotedow...