PT-2024-33043 · Mipjz · Mipjz

Lvzcho · Published 2024-10-25 · Updated 2024-10-30 · CVE-2024-48232

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: mipjz version 5.0.5

Description: A server-side request forgery (SSRF) vulnerability exists due to improper handling of the postAddress parameter in the mipPost method of the ApiAdminTool.php file. The postAddress value is passed directly to `curl_exec` and the response is returned in the output, which allows an attacker to read server files.

Recommendations: For mipjz version 5.0.5, as a temporary workaround, validate and sanitize the postAddress parameter to prevent unauthorized access to server files. Restrict the use of the `curl_exec` function to minimize the risk of exploitation.
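The following is an added example of the kind of validation the recommendation describes; it is not mipjz's own code, and the function names (`validateOutboundUrl`, `fetchRemote`), the hypothetical `$postAddress` input and the allowlist values are assumptions. It rejects non-HTTP schemes (so `file://` and similar can never reach curl), accepts only allowlisted hosts that resolve to public addresses, and also pins curl itself to HTTP/HTTPS with redirects disabled, so the `curl_exec` call cannot be redirected onto an internal or local resource.

```php
<?php
// Added example (not mipjz code): validate a user-supplied URL before it
// reaches curl_exec. All names below are hypothetical.

/**
 * Return the URL if it is safe to fetch, or null if it must be rejected.
 * Only http/https to an allowlisted hostname resolving to a public IP passes.
 */
function validateOutboundUrl(string $url, array $allowedHosts): ?string
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null; // unparsable, scheme-less or host-less input
    }

    // Reject file://, gopher://, dict://, ftp:// etc.; curl would happily use them.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }

    // Exact-match allowlist of destinations the application legitimately talks to.
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return null;
    }

    // Belt-and-braces: refuse hosts that resolve to loopback/private/reserved ranges.
    // gethostbyname() returns the input unchanged when resolution fails.
    $ip = gethostbyname($host);
    if ($ip === $host) {
        return null;
    }
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        return null;
    }

    return $url;
}

/**
 * Fetch a validated URL. Returns the body, or null when the URL was rejected
 * or the request failed.
 */
function fetchRemote(string $url, array $allowedHosts): ?string
{
    $safeUrl = validateOutboundUrl($url, $allowedHosts);
    if ($safeUrl === null) {
        return null;
    }

    $ch = curl_init($safeUrl);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => false, // a redirect could point at an internal host
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);

    return $body === false ? null : $body;
}

// Constructed inputs standing in for the postAddress parameter.
$allowedHosts = ['api.example.com'];
$rejected = [
    'file:///etc/passwd',          // non-HTTP scheme: rejected before curl is touched
    'http://127.0.0.1/',           // host not on the allowlist
    'gopher://api.example.com/',   // allowlisted host but forbidden scheme
    'not a url',                   // unparsable
];
foreach ($rejected as $candidate) {
    $result = validateOutboundUrl($candidate, $allowedHosts);
    printf("%-30s => %s\n", $candidate, $result === null ? 'rejected' : 'accepted');
}
// A request for an allowlisted host would go through fetchRemote($postAddress, $allowedHosts).
```

Note that the DNS check is a defence in depth rather than the primary control: the allowlist is what decides which destinations are reachable, and the scheme and protocol restrictions are what keep a local file path out of `curl_exec` regardless of how the parameter was encoded.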

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-48232

Affected Products

Mipjz