CVE-2024-33864

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.

Related Vulnerabilities

CVE-2020-28168

MEDIUM
CVSS:5.9(Medium)

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host o...

CWE-9182020

CVE-2024-24028

MEDIUM
CVSS:5.9(Medium)

Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.

CWE-9182024

CVE-2016-4046

MEDIUM
CVSS:5.8(Medium)

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the...

CWE-9182016

CVE-2017-7200

MEDIUM
CVSS:5.8(Medium)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to...

CWE-9182017

CVE-2018-15516

MEDIUM
CVSS:5.8(Medium)

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

CWE-9182018

CVE-2019-11767

MEDIUM
CVSS:5.8(Medium)

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

CWE-9182019