What the vulnerability does
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the Codeless Slider Templates plugin (slider-templates). This issue affects Slider Templates: from n/a through <= 1.0.3.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Explanation of Vulnerability in Simple Terms
Slider Templates versions 1.0.3 and earlier contain a server-side request forgery vulnerability. An authenticated user with low privileges can make the site send HTTP requests to internal or external systems on the attacker's behalf. The impact is limited to reading non-sensitive data and making minor modifications. No user interaction is required from victims.
What an attacker can do
Make the site send HTTP requests to internal systems or external servers to read data or trigger actions.
Potential impact on your site
Authenticated attackers can probe your internal network, access metadata services, or trigger outbound requests that may violate your security policy.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no victim interaction needed.
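The impact described above (internal network probing, metadata service access) can be limited on the site itself by refusing outbound requests to internal addresses. The must-use plugin below is an added example, not code from Slider Templates or from this advisory; its function names are hypothetical, and it assumes the plugin's requests go through the WordPress HTTP API, which the advisory does not state.

```php
<?php
// Added example: save as a file under wp-content/mu-plugins/.
// Function names are hypothetical. Only requests made through the WordPress
// HTTP API (wp_remote_get() and friends) pass through this filter.

/** True for loopback, private, link-local (incl. 169.254.169.254) and other reserved IPs. */
function ssrf_guard_is_internal_ip( string $ip ): bool {
    // filter_var() returns false for these ranges and for malformed input,
    // so anything that is not a clean public address is treated as internal.
    return false === filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}

/** Every IPv4 and IPv6 address the host name currently resolves to. */
function ssrf_guard_resolve( string $host ): array {
    $v4 = gethostbynamel( $host ) ?: array();
    $v6 = array_column( @dns_get_record( $host, DNS_AAAA ) ?: array(), 'ipv6' );
    return array_merge( $v4, $v6 );
}

function ssrf_guard_pre_http_request( $preempt, $args, $url ) {
    $host = trim( (string) wp_parse_url( $url, PHP_URL_HOST ), '[]' );

    // WordPress calls itself for cron and Site Health; keep that working.
    if ( 0 === strcasecmp( $host, (string) wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
        return $preempt;
    }

    $ips = filter_var( $host, FILTER_VALIDATE_IP ) ? array( $host ) : ssrf_guard_resolve( $host );

    // Fail closed: block when nothing resolves or when any address is internal.
    if ( empty( $ips ) || array_filter( $ips, 'ssrf_guard_is_internal_ip' ) ) {
        error_log( 'ssrf-guard: blocked outbound request to ' . $host );
        return new WP_Error( 'ssrf_guard_blocked', 'Outbound request to an internal address was blocked.' );
    }

    // The HTTP transport resolves the name again, so a DNS answer that changes
    // between this check and the request is not covered here; egress firewall
    // rules on the host remain the stronger control.
    return $preempt;
}
add_filter( 'pre_http_request', 'ssrf_guard_pre_http_request', 10, 3 );
```

Entries written by `error_log()` with the `ssrf-guard:` prefix give a simple signal to alert on while the plugin remains installed.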