Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.
References
| Link | Resource |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims | Third Party Advisory |
| https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
04 Oct 2023, 13:41
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims - Third Party Advisory | |
| First Time |
Slims senayan Library Management System
Slims |
|
| CPE | cpe:2.3:a:slims:senayan_library_management_system:9.6.0:*:*:*:*:*:*:* | |
| CWE | CWE-918 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
02 Oct 2023, 14:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-02 14:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3744
Mitre link : CVE-2023-3744
CVE.ORG link : CVE-2023-3744
JSON object : View
Products Affected
slims
- senayan_library_management_system
CWE
CWE-918
Server-Side Request Forgery (SSRF)