PT-2023-32845 · Automad · Automad

Maland

Published: 2023-12-21 · Updated: 2024-05-17

CVE-2023-7037

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Automad, versions up to 1.10.9
Description: A server-side request forgery (SSRF) vulnerability affects the import function in the FileController.php file. The value of the importUrl argument is used as the target of a request made by the server without sufficient validation, so an attacker who controls importUrl can make the Automad host send requests on their behalf. The attack can be initiated remotely and, per the vector, requires an authenticated account (Au:S). It may allow the attacker to port-scan the local environment of the server or to reach and abuse internal services that are not exposed to the network.
Recommendations: For versions up to 1.10.9, consider disabling the import function in the FileController.php file until a patched release is available, or restrict the URLs accepted by the importUrl argument (for example, allow only http and https, allow only the expected ports, and reject any target that resolves to a loopback, private, or link-local address) to minimize the risk of exploitation. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
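The restriction on importUrl suggested above can be implemented as a check that runs before the server fetches anything. The following is an added example written for this page, not Automad's own code: the function names (validateImportUrl, isPublicAddress, ipInCidr, normalizeAddress) are hypothetical, and the resolver table at the bottom is constructed so that the script runs offline; in the application the resolver would be a real DNS lookup such as gethostbynamel().

```php
<?php
declare(strict_types=1);

// Added example, not Automad's code; the function names are hypothetical.
// Refuse an importUrl before the server fetches it unless the scheme, the port
// and every address the host resolves to are acceptable. Checking the resolved
// addresses rather than the literal host is what catches "http://2130706433/",
// "http://[::ffff:127.0.0.1]/" and public hostnames that resolve to internal IPs.

const BLOCKED_RANGES = [
    '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16',
    '172.16.0.0/12', '192.0.0.0/24', '192.168.0.0/16', '198.18.0.0/15',
    '224.0.0.0/4', '240.0.0.0/4',                             // multicast, reserved
    '::/128', '::1/128', 'fc00::/7', 'fe80::/10', 'ff00::/8', // v6 unspecified, loopback, ULA, link-local, multicast
];

/** Binary prefix match of $ip against $cidr; false when the address families differ. */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2);
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $full = intdiv((int) $bits, 8);
    if ($full > 0 && substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rest = (int) $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Canonical text form; unwraps IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4. */
function normalizeAddress(string $ip): ?string
{
    $bin = inet_pton($ip);
    if ($bin === false) {
        return null;
    }
    if (strlen($bin) === 16 && substr($bin, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        return inet_ntop(substr($bin, 12));
    }
    return inet_ntop($bin);
}

/** True only for an address that lies outside every blocked range. */
function isPublicAddress(string $ip): bool
{
    $norm = normalizeAddress($ip);
    if ($norm === null) {
        return false;
    }
    foreach (BLOCKED_RANGES as $cidr) {
        if (ipInCidr($norm, $cidr)) { return false; }
    }
    return true;
}

/**
 * Validates $url and returns the address the fetch should connect to.
 * $resolve maps a hostname to the list of addresses it resolves to.
 * Throws InvalidArgumentException on any policy violation.
 */
function validateImportUrl(string $url, callable $resolve, array $allowedPorts = [80, 443]): string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        throw new InvalidArgumentException('importUrl must be an absolute URL with a host');
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {     // no file://, gopher://, ftp:// ...
        throw new InvalidArgumentException("scheme '$scheme' not allowed");
    }
    if (isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('credentials in URL not allowed');
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, $allowedPorts, true)) {           // limits port scanning via importUrl
        throw new InvalidArgumentException("port $port not allowed");
    }
    $host = strtolower(trim($p['host'], '[]'));             // strip IPv6 literal brackets
    // A literal IP is checked directly; a hostname is resolved and every record is checked.
    $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolve($host);
    if ($addresses === []) {
        throw new InvalidArgumentException("host '$host' did not resolve");
    }
    foreach ($addresses as $ip) {
        if (!isPublicAddress($ip)) {
            throw new InvalidArgumentException("host '$host' resolves to non-public address $ip");
        }
    }
    return $addresses[0];
}

// Constructed resolver table for an offline demo (stands in for DNS).
// In the application: $resolve = fn(string $h): array => gethostbynamel($h) ?: [];
$fakeDns = [
    'cdn.example.com'    => ['203.0.113.10'],
    'rebind.example.com' => ['203.0.113.20', '10.0.0.5'],  // one public and one internal record
];
$resolve = fn(string $host): array => $fakeDns[$host] ?? [];

$samples = [
    'https://cdn.example.com/assets/logo.png',   // ALLOW
    'http://rebind.example.com/',                // DENY: one record is internal
    'http://169.254.169.254/latest/meta-data/',  // DENY: link-local (cloud metadata)
    'http://[::ffff:127.0.0.1]/',                // DENY: mapped loopback
    'http://cdn.example.com:8080/',              // DENY: port not allowed
    'file:///etc/passwd',                        // DENY: scheme
];
foreach ($samples as $url) {
    try {
        printf("ALLOW %s -> connect to %s\n", $url, validateImportUrl($url, $resolve));
    } catch (InvalidArgumentException $e) {
        printf("DENY  %s (%s)\n", $url, $e->getMessage());
    }
}
```

Two follow-ups belong in the fetch itself rather than in this check: disable redirect following, since an allowed public URL may redirect to http://127.0.0.1/, and connect to the address returned here instead of resolving the name a second time, so a DNS record that changes between the check and the fetch cannot redirect the request. With PHP's curl extension, setting CURLOPT_FOLLOWLOCATION to false and pinning the host with CURLOPT_RESOLVE does both. The arrow function in the demo needs PHP 7.4 or later.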

Exploit

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-7037
GHSA-Q5Q3-QM26-9JWM

Affected Products

Automad