CVE-2023-7037
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Dec 21, 2023
Updated: May 17, 2024
CWE ID 918
Summary
CVE-2023-7037: A critical server-side request forgery (SSRF) vulnerability was identified in Automad up to version 1.10.9. The issue lies in the import function of FileController.php, where manipulation of the importUrl argument can lead to unauthorized server requests. The vulnerability can be exploited remotely, and the exploit has been made public. It has been assigned the identifier VDB-248686; the vendor was notified but did not respond.
Affected Products
- Automad