Описание
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.
Ссылки
- Product
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:eveo:urve_web_manager:27.02.2025:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07236
Низкий
8.6 High
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 8.6
github
7 месяцев назад
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only reachable by the application server.
EPSS
Процентиль: 91%
0.07236
Низкий
8.6 High
CVSS3
Дефекты
CWE-918