Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wallos: SSRF via webhook test endpoint
Vulnerability Description
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in version 4.6.2.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Wallos 代码问题漏洞
Vulnerability Description
Wallos是Miguel Ribeiro个人开发者的一个开源个人订阅跟踪器。 Wallos 4.6.2之前版本存在代码问题漏洞,该漏洞源于testwebhooknotifications.php未针对私有IP范围验证目标URL,可能导致完全读取的服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A