CVE-2023-40969: [Security Bugs] Server Side Request Forgery at pop_p2p.php · Issue #204 · slims/slims9_bulian

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.


The bug

A Server Side Request Forgery exists in admin/modules/bibliography/pop_p2p.php at the code below:

    $detail_uri = $_GET['uri'] . "/index.php?p=show_detail&inXML=true&id=" . $_GET['biblioID'];
    // parse XML
    $data = modsXMLsenayan($detail_uri, 'uri');

To Reproduce

Steps to reproduce the behavior:

  1. Log in as admin or a user that has access to bibliography
  2. Set up netcat to listen on a specific port (example: 7878)
  3. Go to /admin/modules/bibliography/pop_p2p.php?uri=http://LOCALHOST_OR_LISTENER_IP:7878
  4. netcat should receive a request

Screenshots

[Screenshot: proof-of-concept using pipedream]
[Screenshot: proof-of-concept using netcat]

Versions

  • Browser: Google Chrome | 115.0.5790.114 (Official Build) (x86_64)
  • Slims Version: slims9_bulian-9.6.1
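
A hardened form of the concatenation quoted in the report, as an added example that is not part of the original issue or the SLiMS code base: the `uri` parameter is matched against a fixed allowlist and `biblioID` must be numeric before any URL is built. `ALLOWED_P2P_SERVERS`, `normalize_base_uri` and `build_detail_uri` are hypothetical names, and the allowlist entries and sample inputs are constructed values.

```php
<?php
// Added example, not SLiMS code. ALLOWED_P2P_SERVERS is a hypothetical
// allowlist; its entries are constructed sample values.
const ALLOWED_P2P_SERVERS = [
    'https://library-a.example/slims',
    'https://library-b.example',
];

// Reduce a base URL to scheme://host[:port]/path, or null if it is not a
// plain http(s) URL. Userinfo, query and fragment are rejected outright.
function normalize_base_uri(string $uri): ?string
{
    $p = parse_url(trim($uri));
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    $extras = array_intersect(['user', 'pass', 'query', 'fragment'], array_keys($p));
    if (!in_array($scheme, ['http', 'https'], true) || $extras !== []) {
        return null;
    }
    $port = isset($p['port']) ? ':' . $p['port'] : '';
    return $scheme . '://' . strtolower($p['host']) . $port . rtrim($p['path'] ?? '', '/');
}

// Build the detail URL only for an allowlisted server and a numeric record ID.
function build_detail_uri($uri, $biblioID): ?string
{
    if (!is_string($uri) || !is_string($biblioID) || !ctype_digit($biblioID)) {
        return null; // also rejects array parameters such as uri[]=...
    }
    $base = normalize_base_uri($uri);
    $allowed = array_map('normalize_base_uri', ALLOWED_P2P_SERVERS);
    if ($base === null || !in_array($base, $allowed, true)) {
        return null;
    }
    $query = http_build_query(['p' => 'show_detail', 'inXML' => 'true', 'id' => $biblioID]);
    return $base . '/index.php?' . $query;
}

// Constructed inputs: a listener-style URL, a userinfo host trick, a valid request.
$samples = [
    ['http://127.0.0.1:7878', '1'],
    ['https://library-a.example@127.0.0.1/slims', '1'],
    ['https://library-a.example/slims/', '42'],
];
foreach ($samples as [$uri, $id]) {
    echo $uri, ' => ', build_detail_uri($uri, $id) ?? 'REJECTED', PHP_EOL;
}
```

In pop_p2p.php the result would replace the concatenated `$detail_uri`, with a null result treated as a rejected request before `modsXMLsenayan` is called. The fetch itself should not follow redirects, otherwise an allowlisted server can still steer the request elsewhere.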
