Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-46236: SSRF via unauthenticated endpoint(s).

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.

CVE
Open in Source
#vulnerability#web#apache#php#ssrf#auth

Package

packages/web/maintenance/getversion.php (PHP)

Affected versions

< 1.5.10

packages/web/maintenance/kernelvers.php (PHP)

Description

Impact

A server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration.

Patches

Patched since commit 9125f35ff649a3e7fd7771b1c8e5add3c726f763 and version 1.5.10.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE