CVE-2021-25972

MEDIUM Year: 2021
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

Related Vulnerabilities

CVE-2018-1999017

MEDIUM
CVSS:4.9(Medium)

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authentic...

CWE-9182018

CVE-2019-7616

MEDIUM
CVSS:4.9(Medium)

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set th...

CWE-9182019

CVE-2020-14023

MEDIUM
CVSS:4.9(Medium)

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.

CWE-9182020

CVE-2020-5562

MEDIUM
CVSS:4.9(Medium)

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-C...

CWE-9182020

CVE-2021-32698

MEDIUM
CVSS:4.9(Medium)

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see t...

CWE-9182021

CVE-2021-42079

MEDIUM
CVSS:4.9(Medium)

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

CWE-9182021