PT-2026-25829 · Taoofagi · Easegen-Admin

Vuldb · Published 2026-03-16 · Updated 2026-03-17 · CVE-2026-4284

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: taoofagi easegen-admin versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433

Description: A server-side request forgery (SSRF) issue exists in the downloadFile function within the PPT File Handler component. The issue is caused by manipulation of the url argument. This allows for remote exploitation. The product utilizes a rolling release model, and no specific version details for affected or updated releases are available. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433 should be updated. As a temporary workaround, consider restricting access to the downloadFile function until a suitable update is available.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-4284

Affected Products

Easegen-Admin