CVE-2023-32750

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.

Related Vulnerabilities

CVE-2010-1637

MEDIUM
CVSS:6.5(Medium)

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3...

CWE-9182010

CVE-2017-10973

MEDIUM
CVSS:6.5(Medium)

In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.

CWE-9182017

CVE-2017-11148

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

CWE-9182017

CVE-2017-11149

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary loca...

CWE-9182017

CVE-2017-12071

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the...

CWE-9182017

CVE-2017-15886

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.

CWE-9182017