CVE-2023-3744

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-3744
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.

9.9 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:slims:senayan_library_management_system:9.6.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-10-02 14:15

Updated : 2024-11-21 08:17

NVD link : CVE-2023-3744

Mitre link : CVE-2023-3744

CVE.ORG link : CVE-2023-3744

JSON object : View

Products Affected

slims

  • senayan_library_management_system
CWE
CWE-918

Server-Side Request Forgery (SSRF)