CVE-2024-0946

Name of the Vulnerable Software and Affected Versions 60IndexPage versions up to 1.8.5

Description A critical vulnerability was found in the Parameter Handler component of the file /apply/index.php. The manipulation of the url argument leads to server-side request forgery. This issue can be initiated remotely.

Recommendations For versions up to 1.8.5, as a temporary workaround, consider restricting access to the /apply/index.php endpoint until a patch is available. Avoid using the url argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.