Server-Side Request Forgery (SSRF) in aimeos/aimeos-core

Valid

Reported on

Jul 7th 2021


✍️ Description

Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework. This web app is vulnerable to stored SSRF through SVG files.

🕵️‍♂️ Proof of Concept

poc

💥 Impact

This vulnerability is capable of SSRF.

We have contacted a member of the aimeos/aimeos-core team and are waiting to hear back
2 years ago
Abdul muhaimin
2 years ago

Researcher


reopening https://www.huntr.dev/bounties/1625429205812-aimeos/aimeos-laravel/ here for low severity and wrong repo

Abdul muhaimin has invalidated this vulnerability 2 years ago

wrong

The disclosure bounty has been dropped
The fix bounty has been dropped
Aimeos marked this as fixed with commit 1d72b7 2 years ago
Aimeos has been awarded the fix bounty
This vulnerability will not receive a CVE