Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery in SLiMS
Vulnerability Description
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
SLims 代码问题漏洞
Vulnerability Description
Slims9 Bulian是印度尼西亚Slims社区的一个免费的开源软件。用于图书馆资源管理(如书籍、期刊、数字文档和其他图书馆资料)和管理。 SLims 9.6.0版本存在代码问题漏洞,该漏洞源于允许经过身份验证的攻击者通过 imageURL 参数中的scrape_image.php文件向内部服务发送请求或上传相关文件的内容。
CVSS Information
N/A
Vulnerability Type
N/A