Server-Side Request Forgery (SSRF) in aimeos/aimeos-core


Reported on

Jul 7th 2021

✍️ Description

Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework. This web app is vulnerable to stored SSRF through SVG files.

🕵️‍♂️ Proof of Concept


💥 Impact

This vulnerability is capable of SSRF.

We have contacted a member of the aimeos/aimeos-core team and are waiting to hear back 2 years ago
Abdul muhaimin
2 years ago


reopening here for low severity and wrong repo

Abdul muhaimin has invalidated this vulnerability 2 years ago


The disclosure bounty has been dropped
The fix bounty has been dropped
Aimeos marked this as fixed with commit 1d72b7 2 years ago
Aimeos has been awarded the fix bounty
This vulnerability will not receive a CVE