CVE-2023-3744

Name of the Vulnerable Software and Affected Versions SLims version 9.6.0

Description The issue allows an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape image.php" file in the imageURL parameter. This is a Server-Side Request Forgery vulnerability.

Recommendations For SLims version 9.6.0, as a temporary workaround, consider restricting access to the "scrape image.php" file or limiting the use of the imageURL parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.