How severe is CVE-2023-3121?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-3121?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2023-3121

MEDIUM Year: 2023

CVSS v3 Score

4.6

Medium

CVSS v2 Score

2.7

Low

Weakness Type

CWE-918

View all →

Vulnerability Description

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-31993

MEDIUM

CVSS:4.5(Medium)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to poi...

CWE-9182024

CVE-2017-16678

MEDIUM

CVSS:4.7(Medium)

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacke...

CWE-9182017

CVE-2021-41084

MEDIUM

CVSS:4.7(Medium)

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the f...

CWE-9182021

CVE-2024-10903

MEDIUM

CVSS:4.7(Medium)

The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisit...

CWE-9182024

CVE-2017-20106

MEDIUM

CVSS:4.4(Medium)

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the...

CWE-9182017

CVE-2022-44730

MEDIUM

CVSS:4.4(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / da...

CWE-9182022

CVE-2023-3121

Vulnerability Description

Related Vulnerabilities

CVE-2024-31993

CVE-2017-16678

CVE-2021-41084

CVE-2024-10903

CVE-2017-20106

CVE-2022-44730