Server-Side Request Forgery (SSRF) in aimeos/aimeos-core


Reported on

Jul 7th 2021

✍️ Description

Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework. This web app is vulnerable to stored SSRF through SVG files.

🕵️‍♂️ Proof of Concept


💥 Impact

This vulnerability is capable of SSRF.
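A defensive check for the class of issue reported above, as an added example that is not part of the report and is not the fix merged by the project: it lists every reference in an uploaded SVG that a server-side renderer or fetcher would have to resolve. It assumes the SSRF arises from external references embedded in the stored SVG (the report's proof of concept is empty); the function names and the sample file are constructed for illustration, and it is written in Python rather than the project's PHP.

```python
import re
import xml.etree.ElementTree as ET

REF_ATTRS = {"href", "src"}  # covers href and xlink:href once the namespace is stripped
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
CSS_IMPORT = re.compile(r"@import\s+['\"]([^'\"]+)", re.I)

def _local(name):
    """Drop the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def _needs_fetch(ref):
    """Same-document fragments (#id) and inline data: URIs cause no request."""
    ref = ref.strip().lower()
    return bool(ref) and not ref.startswith(("#", "data:"))

def external_refs(svg_bytes):
    """Return (element, where, reference) for each reference a renderer would fetch."""
    try:
        text = svg_bytes.decode("utf-8")
        if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
            # Refuse DTDs before parsing: entities can hide or expand references.
            return [("(document)", "doctype", "DTD or entity declaration")]
        root = ET.fromstring(text)
    except (UnicodeDecodeError, ET.ParseError):
        return [("(document)", "parse", "not well-formed UTF-8 XML")]
    found = []
    for el in root.iter():
        tag = _local(el.tag)
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr in REF_ATTRS and _needs_fetch(value):
                found.append((tag, attr, value.strip()))
            # Presentation attributes and style="" can carry CSS url(...) values.
            found += [(tag, attr, r) for r in CSS_URL.findall(value) if _needs_fetch(r)]
        if tag == "style" and el.text:
            refs = CSS_URL.findall(el.text) + CSS_IMPORT.findall(el.text)
            found += [(tag, "css", r) for r in refs if _needs_fetch(r)]
    return found

# Constructed sample upload (not from the report): three external references, two local.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <style>rect { fill: url(#grad); } @import "https://example.com/a.css";</style>
  <image xlink:href="https://example.com/a.png"/>
  <use href="#shape"/>
  <rect style="filter:url(https://example.com/f.svg#blur)"/>
</svg>"""

if __name__ == "__main__":
    for finding in external_refs(SAMPLE):
        print(finding)
```

An upload handler would reject the file, or strip the listed attributes, whenever the returned list is non-empty; relative paths are flagged too, since only `#fragment` and `data:` references are treated as local.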

We have contacted a member of the aimeos/aimeos-core team and are waiting to hear back (5 months ago)
Abdul muhaimin
5 months ago


reopening here for low severity and wrong repo

Abdul muhaimin has invalidated this vulnerability (5 months ago)


The disclosure bounty has been dropped
The fix bounty has been dropped
Aimeos confirmed that a fix has been merged on 1d72b7 (5 months ago)
Aimeos has been awarded the fix bounty