CVE-2024-27564
published 2024-03-05


Priority: P275 · Severity: medium · CVSS 3.1 base score: 6.5
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
Exploited in the wild (ITW exploit; listed in VulnCheck KEV)
EPSS: 40.64% (98.5th percentile)
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

Affected (2 ranges)

Vendor     Product               Version range   Fixed in
dirk1983   chatgpt
dirk1983   mm1.ltd_source_code

Detection & IOCs (extracted from sources)

path: pictureproxy.php
other: url (GET/POST parameter)
hash: f9f4bbc
  • Monitor HTTP requests to pictureproxy.php where the 'url' parameter contains internal/private IP ranges or non-public hostnames, indicating SSRF exploitation attempts.
  • The repository name associated with this vulnerability may change over time, as it was noted to be misleading; the archived copy of pictureproxy.php should be used as the authoritative reference for the vulnerable code.

CVSS provenance

NVD (v3.1): 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
VulnCheck: 5.8 MEDIUM