What the vulnerability does
01Description
Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
What the vulnerability does
Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.7.
Explanation of Vulnerability in Simple Terms
Youzify versions up to 1.3.7 contain a server-side request forgery vulnerability that allows an authenticated attacker to make the site send requests to internal or external systems on their behalf. The attacker needs low-level privileges and network access. The scope is changed, meaning the impact may extend beyond the vulnerable component itself.
What an attacker can do
Make the site send HTTP requests to internal systems or external servers under the site's identity.
Potential impact on your site
Attackers with basic accounts can probe internal infrastructure, access private APIs, or trigger actions on connected services.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
External resources