Security Advisory

CVE-2024-48234

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-25 00:00:00

Last updated 2024-10-29 19:00:05

Assigner mitre

State PUBLISHED

Description

An issue was discovered in mipjz 5.0.5. In the push method of apptagcontrollerApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files.

← Browse all CVEs View on cve.org ↗