CVE-2024-25181

Name of the Vulnerable Software and Affected Versions givanz VvvebJs version 1.7.2

Description A critical issue exists in givanz VvvebJs version 1.7.2 that permits Server-Side Request Forgery (SSRF) and arbitrary file reading. This is due to improper handling of user-supplied URLs within the file get contents function located in the save.php file. Server-Side Request Forgery (SSRF) is a web security flaw that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the save.php file.