CVE-2023-3744: Server Side Request Forgery Slims | INCIBE-CERT

Server-Side Request Forgery vulnerability in SLiMS version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the “scrape_image.php” file in the imageURL parameter.


Affected Resources

SLiMS, version 9.6.0

Description

INCIBE has coordinated the publication of one vulnerability in SLiMS (Senayan Library Management System), a library management system, which was discovered by David Utón Amaya (m3n0sd0n4ld).

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-3744: CVSS v3.1 base score: 9.9 | CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CWE-918.

Solution

The vulnerability has been fixed in the latest version of SLiMS.

Detail

CVE-2023-3744: Server-Side Request Forgery vulnerability in SLiMS version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the “scrape_image.php” file in the imageURL parameter.
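As an added illustration (not SLiMS code and not the project's actual fix), a PHP guard for a user-supplied image URL of the kind this advisory describes: it restricts the scheme, port and credentials, and requires every address the host resolves to be public. The DNS lookup is injected as a callable so the check can be exercised offline against a constructed resolver; host names and addresses below are hypothetical.

```php
<?php
// Added example, not SLiMS code or its fix: validating a user-supplied image
// URL before fetching it. $resolve is injected so the check runs offline.
function is_public_ip(string $ip): bool
{
    // NO_PRIV_RANGE rejects RFC 1918 / fc00::/7; NO_RES_RANGE rejects loopback,
    // link-local, 0.0.0.0/8 and similar reserved space.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}
// Returns the URL if it may be fetched, null otherwise.
function validate_image_url(string $url, callable $resolve): ?string
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    // Only http/https: this also refuses file://, php://, gopher:// and others.
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    // No embedded credentials and no non-standard ports.
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (isset($p['user']) || isset($p['pass']) || !in_array($port, [80, 443], true)) {
        return null;
    }
    // A literal IP is checked directly; a name must resolve only to public IPs.
    $host = trim($p['host'], '[]');
    $addrs = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolve($host);
    if ($addrs === []) {
        return null;
    }
    foreach ($addrs as $ip) {
        if (!is_public_ip($ip)) {
            return null;
        }
    }
    return $url;
}
// Constructed resolver for a stand-alone run (hypothetical hosts and addresses).
$fakeDns = ['covers.example.org' => ['93.184.216.34'],
            'mixed.example.org'  => ['93.184.216.34', '10.0.0.5']];
$resolve = fn(string $h): array => $fakeDns[$h] ?? [];
foreach (['https://covers.example.org/cover.jpg', 'http://127.0.0.1/', 'http://[::1]/',
          'file:///tmp/x.jpg', 'http://mixed.example.org/c.png', 'http://10.0.0.5:8080/'] as $u) {
    echo $u, ' => ', validate_image_url($u, $resolve) === null ? 'reject' : 'accept', "\n";
}
```

Even with this check in place, the fetch itself should run with redirects disabled and the connection pinned to the address that was validated, otherwise a redirect or a DNS answer that changes between check and fetch can still reach internal hosts.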
