exploitDog

CVE-2023-3744

Опубликовано: 02 окт. 2023

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

EPSS Низкий

Описание

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:slims:senayan_library_management_system:9.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-hjvr-v7mw-6f2j

CVSS3: 9.9

github

больше 2 лет назад

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.

EPSS

Процентиль: 27%

0.00098

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-918

CWE-918