← back
CVE-2024-48232

CVE-2024-48232

CVSS 4.9 MEDIUMEPSS 0.5%CWE-918
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.9EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →