CVE-2024-48107

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.

Related Vulnerabilities

CVE-2010-1637

MEDIUM
CVSS:6.5(Medium)

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3...

CWE-9182010

CVE-2017-10973

MEDIUM
CVSS:6.5(Medium)

In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.

CWE-9182017

CVE-2017-11148

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

CWE-9182017

CVE-2017-11149

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary loca...

CWE-9182017

CVE-2017-12071

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the...

CWE-9182017

CVE-2017-15886

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.

CWE-9182017