Headline
CVE-2023-3744: Server Side Request Forgery Slims | INCIBE-CERT
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the “scrape_image.php” file in the imageURL parameter.
Affected Resources
SLiMS, 9.6.0 version
Description
INCIBE has coordinated the publication of 1 vulnerability in SLiMS (Senayan Library Management System), a library management system, who has been discovered by David Utón Amaya (m3n0sd0n4ld).
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-3744: CVSS v3.1: 9,9 | CVSS: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CWE-918.
Solution
The vulnerability has been fixed in the latest version of SLiMS.
Detail
CVE-2023-3744: Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the “scrape_image.php” file in the imageURL parameter.