CVE-2023-3015

Published: May 31, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230359.

Affected (1)

Products: Vip Video Analysis Project: Vip Video Analysis

Vip Video Analysis Project

1 product

Vip Video Analysis

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vip Video Analysis Project Vip Video Analysis	Version 1.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/SSRF.md

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.230359

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.230359

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/SSRF.md

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://vuldb.com/?ctiid.230359

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.230359

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.