CVE-2024-0304 | Youke365 up to 1.5.3 collect.php url server-side request forgery

Inserito da Angelo Barbosa | Gen 7, 2024 | CVE

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery.

This vulnerability is known as CVE-2024-0304. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-0304 | Youke365 up to 1.5.3 collect.php url server-side request forgery

Post correlati

CVE-2024-0960 | flink-extended ai-flow 0.3.1 workflow_command.py cloudpickle.loads deserialization

CVE-2024-38574 | Linux Kernel up to 6.8.11/6.9.2 libbpf bpf_objec_load_prog null pointer dereference (ef80b59acfa4/1fd91360a758/9bf48fa19a4b)

VDB-261594 | CrushFTP up to 10.7.1/11.0 VFS information disclosure

CVE-2023-38566 | Intel ISPC software prior 1.21.0 uncontrolled search path (intel-sa-00994)