CVE-2023-7037

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 21, 2023
Updated: May 17, 2024
CWE ID 918

Summary

CVE-2023-7037: A critical server-side request forgery (SSRF) vulnerability was identified in Automad up to version 1.10.9. The issue lies in the import function of FileController.php, where manipulating the importUrl argument can cause the server to issue unauthorized requests. The vulnerability can be exploited remotely, and the exploit has been made public. It has been assigned the identifier VDB-248686. The vendor was notified but did not respond.
