Title:Emby Server 代码问题漏洞 (CVE-2020-26948) Description:Emby Server是个人开发者的一款功能强大的媒体服务器。该产品主要可用于视频音频和照片等多媒体整合编辑。 Emby Server 4.5.0之前版本存在代码问题漏洞,该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。该漏洞允许攻击者通过Items / RemoteSearch / Image ImageURL参数使用SSRF。
Description
Emby Server before 4.5.0 allows server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter.
File Snapshot
id: CVE-2020-26948
info:
name: Emby Server Server-Side Request Forgery
author: dwisiswant0
se
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.