cbcvebase.
CVE-2022-45835
published 2023-11-13

CVE-2022-45835: Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.

Priority P2 · 77 · high · 7.5 CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 37.67% (98.3rd percentile)

Affected (2 ranges)

Vendor    Product                     Version range   Fixed in
phonepe   phonepe                     <= 1.0.15
phonepe   phonepe_payment_solutions   n/a – 1.0.15

Detection & IOCs (extracted from sources)

url: /?phonepe_action=curltestPhonePe&url=http://{{interactsh-url}}
other: phonepe_action=curltestPhonePe
  • Look for GET requests containing the query parameter 'phonepe_action=curltestPhonePe' combined with a 'url=' parameter pointing to an external/arbitrary domain — this is the SSRF trigger endpoint.
  • A successful SSRF exploitation response will contain the string 'cURL Test for PhonePe' in the HTTP response body with a 200 status code.
  • Monitor for out-of-band HTTP callbacks (OAST/interactsh) triggered by the server after receiving a request to the curltestPhonePe action, indicating successful SSRF.
  • The SSRF endpoint is unauthenticated (unauth) — no credentials or session are required to trigger the vulnerability, making it exploitable by any remote attacker.
  • Affected versions are PhonePe Payment Solutions 1.0.15 and below; the fix was introduced in version 2.0.0. Ensure detection rules are scoped to installations running versions up to and including 1.0.15.
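The first detection bullet above (requests carrying phonepe_action=curltestPhonePe together with a url= parameter), turned into a small log-scanning check. This is an added example written for this page, not code from cbcvebase or from the PhonePe plugin; the log lines are constructed sample data in combined log format, and the hostnames and client addresses in them are placeholders.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit, parse_qs

# Combined log format: client, identd, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

TRIGGER_PARAM = "phonepe_action"   # query parameter named in the IOC list
TRIGGER_VALUE = "curltestPhonePe"  # value that reaches the SSRF endpoint


def classify_host(host):
    """Label the url= target so triage can separate OAST-style callbacks from internal reach."""
    if not host:
        return "unknown"
    try:
        addr = ip_address(host)
    except ValueError:
        return "external"  # a DNS name (e.g. an OAST/interactsh domain)
    if addr.is_loopback:
        return "loopback"
    if addr.is_private or addr.is_link_local:
        return "private"
    return "external"


def find_curltest_probes(lines):
    """Return one finding per request that hits the curltestPhonePe action."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if TRIGGER_VALUE not in qs.get(TRIGGER_PARAM, []):
            continue
        url = qs.get("url", [""])[0]            # parse_qs already percent-decodes
        host = urlsplit(url).hostname if url else ""
        findings.append({"client": m["client"], "status": int(m["status"]),
                         "has_url": bool(url), "target_host": host or "",
                         "target_class": classify_host(host)})
    return findings


# Constructed sample log (placeholder addresses and domains, not real observations).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Nov/2023:10:00:01 +0000] "GET /?phonepe_action=curltestPhonePe&url=http%3A%2F%2Foast.example%2Fx HTTP/1.1" 200 318 "-" "curl/8.4"',
    '198.51.100.7 - - [13/Nov/2023:10:00:02 +0000] "GET /?phonepe_action=curltestPhonePe&url=http://10.0.0.5/ HTTP/1.1" 200 318 "-" "curl/8.4"',
    '192.0.2.9 - - [13/Nov/2023:10:00:03 +0000] "GET /checkout/ HTTP/1.1" 200 5012 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [13/Nov/2023:10:00:04 +0000] "GET /?phonepe_action=curltestPhonePe HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_curltest_probes(SAMPLE_LOG):
        print(f)
```

A hit with status 200 and an external or private target host is the strongest signal; a hit without url= still shows the endpoint being enumerated.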

CVSS provenance

nvd         v3.1   7.5   HIGH     CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck          5.8   MEDIUM