CVE-2024-0304 MEDIUM

CVE-2024-0304: Youke365 collect.php server-side request forgery

Vendor N/A
Product Youke365
Weakness CWE-918 · SSRF
Published January 8, 2024
Last update June 3, 2025
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.

Key dates

02Disclosure timeline

January 8, 2024 CVE published
June 3, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-5817 Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery CVE-2023-6964 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) CVE-2021-38132 Possible External service interaction Vulnerability CVE-2026-9312 Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint CVE-2024-29030 memos vulnerable to an SSRF in /api/resource