Count: 2
CVE-2025-67427
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits arbitrary HTTP or HTTPS URIs, resulting in unexpected requests against internal and external networks.
GHSA-vp8w-wj4m-3r7j
evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-67427 A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits arbitrary HTTP or HTTPS URIs, resulting in unexpected requests against internal and external networks. | CVSS3: 6.5 | 0% Low | about 1 month ago |
| GHSA-vp8w-wj4m-3r7j evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API | | 0% Low | about 1 month ago |