PT-2018-9762 · Honeynet · Glastopf
Loveraven42 · Published 2018-04-19 · Updated 2024-08-05 · CVE-2018-10220
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Glastopf version 3.1.3-dev
Description: The issue is a Server-Side Request Forgery (SSRF) in Glastopf, demonstrated via the "a" parameter of abc.php. The vendor considers this behavior intentional, because Glastopf is a web application honeypot: it ships emulation modules, including a Remote File Inclusion (RFI) emulator implemented in rfi.py under the modules/handlers/emulators directory, and emulating RFI means the honeypot itself fetches the URL supplied in the request.
Recommendations: For Glastopf version 3.1.3-dev, restrict access to the abc.php endpoint to reduce the risk of the SSRF being abused, since the behavior is part of the honeypot's intended functionality and is not addressed by a vendor fix.

Weakness Enumeration: SSRF
Related Identifiers: CVE-2018-10220
Affected Products: Glastopf