What the vulnerability does
Description
Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server-Side Request Forgery. This issue affects Hercules Core: from n/a through <= 7.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Explanation of Vulnerability in Simple Terms
Hercules Core versions 7.4 and earlier contain a server-side request forgery vulnerability. An authenticated attacker with low privileges can make the site send HTTP requests to internal or external systems on their behalf. The impact is limited to reading non-sensitive data and making minor modifications. Exploitation requires network access and specific conditions to be met.
What an attacker can do
Make the site send HTTP requests to internal systems or external servers on the attacker's behalf.
Potential impact on your site
Attackers with low-privilege accounts can probe internal infrastructure or interact with external services using your site's IP address.
Conditions required to exploit
Attacker must have low-level authenticated access to the site; no user interaction required.