CVE-2024-48232

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files.

Related Vulnerabilities

CVE-2018-1999017

MEDIUM
CVSS:4.9(Medium)

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authentic...

CWE-9182018

CVE-2019-7616

MEDIUM
CVSS:4.9(Medium)

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set th...

CWE-9182019

CVE-2020-14023

MEDIUM
CVSS:4.9(Medium)

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.

CWE-9182020

CVE-2020-5562

MEDIUM
CVSS:4.9(Medium)

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-C...

CWE-9182020

CVE-2021-25972

MEDIUM
CVSS:4.9(Medium)

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails...

CWE-9182021

CVE-2021-32698

MEDIUM
CVSS:4.9(Medium)

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see t...

CWE-9182021