CVE-2026-44583
Paymenter has Blind Unauthenticated SSRF on the Paypal gateway module
Description

### Summary

The PayPal webhook endpoint `/extensions/paypal/webhook` processes the `PAYPAL-CERT-URL` HTTP header without validation, allowing attackers to control server-side HTTP request destinations.

### Technical details

The `/extensions/paypal/webhook` endpoint processes incoming webhook requests and trusts the value of the `PAYPAL-CERT-URL` HTTP header without validation. This value is passed directly into a server-side HTTP request via `file_get_contents`, allowing attackers to control the destination of the request. No allowlist, validation, or signature verification is applied to the header before usage. As a result, the application can be coerced into performing HTTP requests to attacker-controlled or internal network destinations.

### Impact

This vulnerability allows remote unauthenticated attackers to induce server-side HTTP GET requests to arbitrary external or internal endpoints. Depending on network configuration, this may lead to:

- Blind SSRF to external attacker-controlled systems
- Potential access to internal network services

No direct response data is returned to the attacker (blind SSRF), but the issue may still enable sensitive network probing or data exfiltration via side channels.
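The mitigation pattern for this class of bug is to validate the `PAYPAL-CERT-URL` value against a strict allowlist before any server-side fetch happens. The following is an added example, not Paymenter's own code or the project's fix; the host allowlist and the `.pem` path rule are assumptions that should be aligned with PayPal's documented certificate hosts, and the stronger option remains verifying the webhook signature through PayPal's API rather than fetching the certificate yourself.

```php
<?php
declare(strict_types=1);

// Added example (not Paymenter's code). Host allowlist is an assumption;
// adjust it to PayPal's documented certificate hosts for your environment.
const PAYPAL_CERT_HOSTS = ['api.paypal.com', 'api.sandbox.paypal.com'];

function isAllowedPaypalCertUrl(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    // Only https; reject embedded credentials and non-default ports so the
    // fetch cannot be pointed at internal services or unusual listeners.
    if (($parts['scheme'] ?? '') !== 'https') {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return false;
    }
    // Exact host match: "api.paypal.com.evil.example" must not pass.
    $host = strtolower($parts['host'] ?? '');
    if (!in_array($host, PAYPAL_CERT_HOSTS, true)) {
        return false;
    }
    // Certificates are served as .pem files; reject anything else (assumption).
    $path = $parts['path'] ?? '';
    return preg_match('#^/[A-Za-z0-9/_\-.]+\.pem$#', $path) === 1
        && !str_contains($path, '..');
}

// Hardened webhook handling: the vulnerable form called file_get_contents()
// on the raw header value; here the value is validated first and redirects
// are disabled so an allowed host cannot bounce the request elsewhere.
function fetchPaypalCert(string $certUrlHeader): ?string
{
    if (!isAllowedPaypalCertUrl($certUrlHeader)) {
        error_log('paypal webhook: rejected PAYPAL-CERT-URL ' . $certUrlHeader);
        return null;
    }
    $ctx = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $pem = @file_get_contents($certUrlHeader, false, $ctx);
    return $pem === false ? null : $pem;
}

// Constructed inputs for a quick self-check (no network access needed).
var_dump(isAllowedPaypalCertUrl('https://api.paypal.com/v1/notifications/certs/CERT-abc.pem'));
var_dump(isAllowedPaypalCertUrl('http://127.0.0.1:8080/'));
var_dump(isAllowedPaypalCertUrl('https://api.paypal.com.evil.example/x.pem'));
```

Logging the rejected header value gives defenders a detection signal for probing attempts against the webhook endpoint.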
How to patch CVE-2026-44583
To patch CVE-2026-44583, upgrade the affected package to one of the patched versions below.
- Upgrade to 1.5.0 or later
Is CVE-2026-44583 being exploited?
There are currently no signals of exploitation. CVE-2026-44583 is neither listed in the CISA KEV catalog nor has a recent EPSS score.
Affected packages (1)
- from 0, < 1.5.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |