FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs.

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver, the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.

ICMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.

A security issue was discovered in WeBid

In Apache Dubbo prior to 2.6.12 and 2.7.15, use of the parseURL method can lead to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability.

KkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.