PT-2023-7222 · Flarum+1

Adam Kues · Published 2023-08-16 · Updated 2023-08-29 · CVE-2023-40033

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.0

Description: The issue allows an attacker with only a basic user account on any Flarum forum to conduct a blind Server-Side Request Forgery (SSRF) attack or to disclose any file on the server. It stems from the behaviour of the intervention/image package, which attempts to interpret the supplied file contents as a URL and then fetches the contents of that URL. An attacker can exploit this by uploading a file containing a URL and spoofing the MIME type, manipulating the application into performing unintended requests. This enables the attacker to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack.

Recommendations: For versions prior to 1.8.0, upgrade to version 1.8.0 to resolve the issue. As a temporary workaround for the SSRF aspect of the vulnerability, consider disabling PHP's `allow_url_fopen` setting, which prevents the fetching of external files via URLs.
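As an added illustration of the defensive side of this issue (this is not code from the advisory, from Flarum or from the intervention/image project), the PHP snippet below validates uploaded bytes on server-side evidence only, using finfo magic-byte sniffing and getimagesizefromstring(), before anything is handed to intervention/image. A text file whose body is a URL or a local path fails both checks regardless of the MIME type the client claims, so the library's string-based decoding never sees it. It assumes intervention/image v2 installed via Composer with the GD driver; the function names isTrustedImage and processAvatar and the avatar dimensions are hypothetical.

```php
<?php
// Added example, not Flarum's or intervention/image's own code.
// Assumes: composer require intervention/image (v2), GD extension enabled.

require __DIR__ . '/vendor/autoload.php';

use Intervention\Image\ImageManager;

// Image types the application is willing to accept (assumed allow-list).
const ALLOWED_MIME = ['image/png', 'image/jpeg', 'image/gif'];

/**
 * Decide whether $bytes really are an image.
 *
 * The client-supplied Content-Type and $_FILES[...]['type'] are deliberately
 * never consulted: both are attacker-controlled, which is exactly how the
 * MIME spoofing in the advisory works. Two independent server-side
 * detections must agree on the type.
 */
function isTrustedImage(string $bytes): bool
{
    // 1. Magic-byte sniffing via libmagic.
    $finfo   = new finfo(FILEINFO_MIME_TYPE);
    $sniffed = $finfo->buffer($bytes);
    if (!in_array($sniffed, ALLOWED_MIME, true)) {
        return false; // e.g. text/plain for a file that only contains a URL
    }

    // 2. The image header must actually parse.
    $info = @getimagesizefromstring($bytes);
    if ($info === false) {
        return false;
    }

    // 3. Cross-check so a crafted prefix cannot satisfy only one detector.
    return $info['mime'] === $sniffed;
}

/**
 * Process an uploaded avatar stored at $tmpPath (the PHP upload temp file).
 * Returns the resized image, or null when the upload is rejected.
 */
function processAvatar(string $tmpPath): ?\Intervention\Image\Image
{
    $bytes = file_get_contents($tmpPath);
    if ($bytes === false || !isTrustedImage($bytes)) {
        return null; // refused before the decoder can guess at the content
    }

    $manager = new ImageManager(['driver' => 'gd']);

    // Hand the library a filesystem path the server controls, not raw
    // client-supplied text, so the URL/path guessing branch of the
    // string decoder is never exercised on attacker data.
    return $manager->make($tmpPath)->resize(100, 100);
}
```

For the temporary workaround the advisory mentions, the corresponding php.ini line is `allow_url_fopen = Off`; this blocks URL fetching through PHP stream wrappers but does not by itself stop a local path from being read, which is why the upload validation above is still needed alongside the upgrade to 1.8.0.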

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

BDU:2023-08250
CVE-2023-40033
GHSA-67C6-Q4J4-HCCG

Affected Products

Flarum
Intervention/Image