CVE-2020-23776

Published: Jan 26, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.

Affected (1)

Products: Winmail Project: Winmail

Winmail Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Winmail Project Winmail	Version 6.5

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://github.com/zhonghaozhao/winmail/issues/3

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/zhonghaozhao/winmail/issues/3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.