CVE-2023-7037
LOW 3.7 | EPSS 0.16%
Authenticated Blind SSRF in automad/automad
Published: 2023/12/21 | Modified: 2024/8/19
Description
automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in `importUrl`, because the `import` function in the `FileController.php` file did not properly validate the value of the `importUrl` argument. This issue may allow attackers to perform a port scan against the local environment or abuse some service.
Affected packages (1)
- Packagist/automad/automad: from 0, <= 1.10.9
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.7 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |