PT-2024-33045 · Mipjz · Mipjz

Lvzcho · Published 2024-10-25 · Updated 2024-10-29 · CVE-2024-48234

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

mipjz version 5.0.5

Description

An issue in the push method of apptagcontrollerApiAdminTag.php allows the postAddress parameter to be passed directly into a curl_exec call, and the result output, without proper processing, resulting in a server-side request forgery (SSRF) vulnerability. This vulnerability can be exploited to read server files.

Recommendations

For mipjz version 5.0.5, as a temporary workaround, consider validating and sanitizing the postAddress parameter so that malicious input never reaches curl_exec. Restrict access to sensitive server files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
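
One way to apply the validation recommended above, as an added example that is not mipjz code and not a vendor fix. The function names, the host allowlist and the POST request shape are assumptions; only postAddress and curl_exec come from the advisory.

```php
<?php
declare(strict_types=1);
// Hypothetical helper: checks the user-supplied postAddress and returns
// [host, port, ip] for the caller to pin, or throws.
function validatePushUrl(string $postAddress, array $allowedHosts): array
{
    $parts = parse_url($postAddress);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('not an absolute URL');
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') { // no file://, gopher://, dict://
        throw new InvalidArgumentException('scheme not allowed');
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new InvalidArgumentException('credentials in URL not allowed');
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        throw new InvalidArgumentException('host not on allowlist');
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Resolve once (IPv4 only here) and refuse loopback, private and reserved ranges.
    $ip = gethostbyname($host); // returns the input unchanged on failure
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        throw new InvalidArgumentException('host does not resolve to a public address');
    }
    return [$host, $port, $ip];
}

// Hypothetical replacement for an unchecked curl_exec($postAddress) call.
function pushTo(string $postAddress, string $body, array $allowedHosts): string
{
    [$host, $port, $ip] = validatePushUrl($postAddress, $allowedHosts);
    $ch = curl_init($postAddress);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // defence in depth
        CURLOPT_FOLLOWLOCATION => false, // a redirect could point back inside
        CURLOPT_RESOLVE        => ["$host:$port:$ip"], // pin the address that was checked
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ]);
    if (curl_exec($ch) === false) {
        throw new RuntimeException('push failed: ' . curl_error($ch));
    }
    return 'HTTP ' . curl_getinfo($ch, CURLINFO_RESPONSE_CODE); // status only, never the body
}
```

Pinning the checked address with CURLOPT_RESOLVE keeps a second DNS lookup from returning a different, internal address, and returning only the status code removes the output channel the description mentions.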

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-48234

Affected Products

Mipjz