What the vulnerability does
Description
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery. This issue affects External Media: from n/a through <= 1.0.36.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Explanation of Vulnerability in Simple Terms
External Media versions up to 1.0.36 contain a server-side request forgery vulnerability. An authenticated attacker with low privileges can make the site send HTTP requests to internal or external systems on their behalf. The impact is limited to reading non-sensitive data and making minor modifications. Exploitation requires network access and specific conditions to be met.
What an attacker can do
Make the site send HTTP requests to internal systems or external servers to read data or trigger actions.
Potential impact on your site
Authenticated users can probe your internal network or make outbound requests that appear to originate from your server.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.