PT-2023-32845 · Automad · Automad

Maland · Published 2023-12-21 · Updated 2024-05-17 · CVE-2023-7037

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Automad versions up to 1.10.9

Description

A critical issue affects the import function in the FileController.php file, where the manipulation of the importUrl argument leads to server-side request forgery. This can be initiated remotely and may allow attackers to perform a port scan against the local environment or abuse some services.

Recommendations

For versions up to 1.10.9, consider disabling the import function in the FileController.php file until a patch is available, or restrict the use of the importUrl argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-7037
GHSA-Q5Q3-QM26-9JWM

Affected Products

Automad