Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-q5q3-qm26-9jwm: Authenticated Blind SSRF in automad/automad

automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in importUrl as the import function on the FileController.php file was not properly validating the value of the importUrl argument. This issue may allow attackers to perform a port scan against the local environment or abuse some service.

ghsa
#git#php#perl#ssrf#auth

Authenticated Blind SSRF in automad/automad

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection