Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.
References
| Link | Resource |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims | Third Party Advisory |
| https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:17
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims - Third Party Advisory |
04 Oct 2023, 13:41
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:slims:senayan_library_management_system:9.6.0:*:*:*:*:*:*:* | |
| CWE | CWE-918 | |
| First Time |
Slims
Slims senayan Library Management System |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | (MISC) https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims - Third Party Advisory |
02 Oct 2023, 14:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-02 14:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3744
Mitre link : CVE-2023-3744
CVE.ORG link : CVE-2023-3744
JSON object : View
Products Affected
slims
- senayan_library_management_system
CWE
CWE-918
Server-Side Request Forgery (SSRF)