What the vulnerability does
01Description
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
What the vulnerability does
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Explanation of Vulnerability in Simple Terms
PopAd versions up to 1.0.4 contain a server-side request forgery vulnerability that allows high-privilege users to make the application send HTTP requests to internal or external systems on their behalf. The attacker must have administrative access and the scope of impact extends beyond the vulnerable component. This could expose internal services or be used to interact with external systems.
What an attacker can do
Make the site send HTTP requests to internal or external systems without authorization.
Potential impact on your site
An admin account could be compromised to probe internal infrastructure or attack external services.
Conditions required to exploit
Attacker must have high-level administrative privileges; no user interaction required.
Key dates
External resources
Related vulnerabilities