CVE-2023-3744

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3744

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3744.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3744

Published

2023-10-02T14:15:09Z

Modified

2025-10-21T13:21:03.310758Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims

Affected packages

Git / github.com/slims/slims9_bulian

Affected ranges

Type: GIT
Repo: https://github.com/slims/slims9_bulian
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

be363e3696e0cce7cdf72649b00dec05d7eb3a6d

Affected versions

v9.*

v9.0.0

v9.1.0

v9.1.1

v9.2.0

v9.2.1

v9.2.2

v9.3.0

v9.3.1

v9.4.0

v9.4.1

v9.4.2

v9.5.0

v9.5.1

v9.5.2

v9.6.0