CVE-2024-53696

MEDIUM Year: 2024
Weakness Type
CWE-918
View all →

Vulnerability Description

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later QTS 4.5.4.2957 build 20241119 and later QuTS hero h4.5.4.2956 build 20241119 and later

Related Vulnerabilities

CVE-2016-10926

CRITICAL
CVSS:10.0(Critical)

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

CWE-9182016

CVE-2016-10927

CRITICAL
CVSS:10.0(Critical)

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

CWE-9182016

CVE-2017-11291

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.

CWE-9182017

CVE-2017-12905

CRITICAL
CVSS:10.0(Critical)

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

CWE-9182017

CVE-2017-8794

CRITICAL
CVSS:10.0(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.ht...

CWE-9182017

CVE-2018-10511

CRITICAL
CVSS:10.0(Critical)

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

CWE-9182018