TROYANOSYVIRUS
Retour aux CVEs

CVE-2023-3744

CRITICAL
9.9

Description

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.

Details CVE

Score CVSS v3.19.9
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie10/2/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

slims:senayan_library_management_system

Faiblesses (CWE)

CWE-918CWE-918

References

https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.