CVE-2024-33832
Published 2024-04-30
CVE-2024-33832: OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info.
Priority P3 · 40 · medium · 6.3 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EXPLOIT
EPSS: 0.72% (49.3th percentile)
No detection rules found.
Nuclei
OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)
nuclei·CVSS 6.3
CVE-2024-33832 [MEDIUM] OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)
OneNav v0.9.35-20240318 is vulnerable to server-side request forgery (SSRF) via the url parameter in the get_link_info API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources.
Template:
id: CVE-2024-33832

info:
  name: OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)
  author: ritikchaddha
  severity: medium
  description: |
    OneNav v0.9.35-20240318 is vulnerable to server-side request forgery (SSRF) via the url parameter in the get_link_info API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources.
  impact: |
    Authenticated attackers can force the server to make arbitrary requests via the url parameter in the get_link_info A
No writeups or analysis indexed.