CVE-2023-37290 HIGH

CVE-2023-37290: InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF)

Vendor Infodoc
Product Document On-line Submission and Approval System
Weakness CWE-918 · SSRF
Published July 20, 2023
Last update October 24, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.

Key dates

02Disclosure timeline

July 20, 2023 CVE published
October 24, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-45362 WordPress Paytm Payment Gateway Plugin <= 2.7.0 is vulnerable to Server Side Request Forgery (SSRF) CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass CVE-2022-2756 Server-Side Request Forgery (SSRF) in kareadita/kavita CVE-2025-3254 xujiangfei admintwo add server-side request forgery CVE-2025-24703 WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability