PT-2022-20950 · Monstaftp · Monstaftp
Zer0Yu
·
Published
2022-06-09
·
Updated
2022-06-15
·
CVE-2022-31827
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MonstaFTP version 2.10.3
Description
The issue is related to a Server-Side Request Forgery (SSRF) that can be exploited via the
performFetchRequest function at HTTPFetcher.php. This allows for potential unauthorized access to internal resources.Recommendations
For MonstaFTP version 2.10.3, consider disabling the
performFetchRequest function at HTTPFetcher.php as a temporary workaround until a patch is available. Restrict access to the HTTPFetcher.php module to minimize the risk of exploitation.Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Monstaftp