How severe is CVE-2024-5482?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-5482?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-5482 - HIGH Severity | CVSS 7.4

Vulnerability Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs, including those that target internal resources such as 'localhost' or '127.0.0.1'. This flaw enables attackers to make unauthorized requests to internal or external systems, potentially leading to access to sensitive data, service disruption, network integrity compromise, business logic manipulation, and abuse of third-party resources. The issue is critical and requires immediate attention to maintain the application's security and integrity.

Related Vulnerabilities

CVE-2016-7999

HIGH

CVSS:7.4(High)

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

CWE-9182016

CVE-2016-9417

HIGH

CVSS:7.4(High)

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecifi...

CWE-9182016

CVE-2017-5518

HIGH

CVSS:7.4(High)

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.

CWE-9182017

CVE-2017-5617

HIGH

CVSS:7.4(High)

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CWE-9182017

CVE-2017-5643

HIGH

CVSS:7.4(High)

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

CWE-9182017

CVE-2017-6130

HIGH

CVSS:7.4(High)

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT ...

CWE-9182017