Server-Side Request Forgery (SSRF) in aimeos/aimeos-core

Valid

Reported on

Jul 7th 2021


✍️ Description

Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework. This web app is vulnerable to stored SSRF through SVG files.

🕵️‍♂️ Proof of Concept

poc

💥 Impact

This vulnerability is capable of SSRF.
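
A defensive upload check for the issue class this report names (SVG files that make the server fetch URLs when they are parsed or rendered), as an added example that is not part of the report and not the Aimeos fix. The function name and the sample host are assumptions; the check flags DOCTYPE declarations and any reference that is not a same-document fragment, which also rejects `data:` URIs.

```php
<?php
declare(strict_types=1);
// Hypothetical helper (not Aimeos code): reasons to reject an uploaded SVG
// before it is stored or passed to a server-side renderer. Empty = no findings.
function svgExternalReferenceFindings(string $svg): array
{
    // External entities and DTDs are declared in a DOCTYPE; refuse it unparsed.
    if (preg_match('/<!\s*(DOCTYPE|ENTITY)/i', $svg)) {
        return ['DOCTYPE/ENTITY declaration'];
    }
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET: the parser itself must not fetch anything over the network.
    if (!$doc->loadXML($svg, LIBXML_NONET)) {
        return ['not well-formed XML'];
    }
    $findings = [];
    $isLocal = static fn (string $ref): bool => $ref !== '' && $ref[0] === '#';
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            $value = trim($attr->value);
            // href, xlink:href, src: only same-document fragments (#id) pass.
            if (in_array(strtolower($attr->localName), ['href', 'src'], true) && !$isLocal($value)) {
                $findings[] = "<{$el->localName}> {$attr->nodeName}=\"{$value}\"";
            }
            // url(...) in style and presentation attributes (fill, filter, mask).
            preg_match_all('/url\(\s*[\'"]?\s*([^\'")]*)/i', $value, $m);
            foreach ($m[1] as $ref) {
                if (!$isLocal(trim($ref))) {
                    $findings[] = "<{$el->localName}> {$attr->nodeName} url({$ref})";
                }
            }
        }
        // CSS inside <style> can also pull remote resources.
        if (strtolower($el->localName) === 'style'
            && preg_match('/@import|url\(\s*[\'"]?\s*[^#\'"\s]/i', $el->textContent)) {
            $findings[] = '<style> with @import or non-local url()';
        }
    }
    return $findings;
}
// Constructed sample upload; the host name is a placeholder.
$sample = <<<'SVG'
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <rect width="10" height="10" fill="url(#grad)"/>
  <image xlink:href="http://internal.example/status" width="10" height="10"/>
</svg>
SVG;
print_r(svgExternalReferenceFindings($sample));
```

A check like this belongs at upload time; any server-side component that later rasterises or converts stored SVGs should additionally run without outbound network access.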

We have contacted a member of the aimeos/aimeos-core team and are waiting to hear back
5 months ago
Abdul muhaimin
5 months ago

Researcher


reopening https://www.huntr.dev/bounties/1625429205812-aimeos/aimeos-laravel/ here for low severity and wrong repo

Abdul muhaimin has invalidated this vulnerability
5 months ago

wrong

The disclosure bounty has been dropped
The fix bounty has been dropped
Aimeos confirmed that a fix has been merged on 1d72b7
5 months ago
Aimeos has been awarded the fix bounty