PT-2026-34046 · Bagisto · Bagisto
Hai271120 · Published 2026-04-21 · Updated 2026-04-22 · CVE-2026-6744
CVSS v2.0: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Bagisto versions prior to 2.3.16
Description
An issue exists in the Downloadable Link Handler component within the copy() function. Remote manipulation of this function can lead to server-side request forgery, a flaw where an attacker can induce the server-side application to make requests to an unintended location.
Recommendations
As a temporary workaround, consider restricting the use of the copy() function in the Downloadable Link Handler component until a patch is available.
Exploit
Fix
SSRF
Affected Products
Bagisto