2024-10-25 00:00:00
mitre
PUBLISHED
An issue was discovered in mipjz 5.0.5. In the push method of apptagcontrollerApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files.