CVE-2024-36675
published 2024-06-04

CVE-2024-36675: LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.

Priority: P2 75
Severity: critical, 9.1 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 1.43% (69.6th percentile)

Affected

1 range

Vendor    Product        Version range    Fixed in
lylme     lylme_spage

Detection & IOCs (extracted from sources)

path: /apply/index.php?url=http://{{interactsh-url}}
path: /apply/index.php
other: http.favicon.hash:-282504889
  • The vulnerable function is get_head; monitor server-side outbound HTTP requests originating from the web application process, especially those triggered by user-supplied 'url' parameter values in apply/index.php.
  • No authentication is required to exploit this SSRF; any unauthenticated GET request to the endpoint with an external or internal URL in the 'url' parameter should be treated as suspicious.
  • The Nuclei template uses out-of-band (OOB/interactsh) callback detection; this technique requires an external interaction server and will not fire in air-gapped or strictly egress-filtered environments.
  • The template is scoped to exactly LyLme spage v1.9.5 (CPE cpe:2.3:a:lylme:lylme_spage:1.9.5); other versions are not confirmed vulnerable by these sources.
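The two detection notes above (watch for requests to apply/index.php carrying a user-supplied 'url' parameter, and treat internal targets as the most suspicious) can be turned into a small log scanner. The following is an added example written for this record, not code from LyLme_spage, the Nuclei template or any scanner; it runs over constructed web-server access-log lines in combined format and assumes the parameter name and path given on this page. Requests whose 'url' points at a loopback, private or link-local address are rated high; any other request with a 'url' parameter is rated medium, as the note says every such request should be treated as suspicious.

```python
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlparse

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [04/Jun/2024:10:00:01 +0000] "GET /apply/index.php?url=http://127.0.0.1/ HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.11 - - [04/Jun/2024:10:00:02 +0000] "GET /apply/index.php?url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 777 "-" "python-requests/2.31"
203.0.113.12 - - [04/Jun/2024:10:00:03 +0000] "GET /apply/index.php?url=http://example.org/ HTTP/1.1" 200 1300 "-" "Mozilla/5.0"
203.0.113.13 - - [04/Jun/2024:10:00:04 +0000] "GET /apply/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.14 - - [04/Jun/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Source IP, timestamp, method, request target and status from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Path and parameter name as given in the detection notes of this record.
WATCHED_PATH = '/apply/index.php'
WATCHED_PARAM = 'url'


def classify_target(url):
    """'internal' for loopback/private/link-local hosts, 'external' otherwise,
    None when the value has no usable host."""
    host = urlparse(url).hostname
    if not host:
        return None
    if host == 'localhost':
        return 'internal'
    try:
        addr = ip_address(host)
    except ValueError:
        # A DNS name: resolving it is out of scope here, treat as external.
        return 'external'
    if addr.is_loopback or addr.is_private or addr.is_link_local:
        return 'internal'
    return 'external'


def analyze_line(line):
    """Return an alert dict for a request to the watched path with a 'url'
    parameter, or None for anything else (including unparsable lines)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path, _, query = m.group('target').partition('?')
    if path != WATCHED_PATH:
        return None
    # parse_qs percent-decodes values, so encoded targets are handled too.
    values = parse_qs(query, keep_blank_values=True).get(WATCHED_PARAM)
    if not values:
        return None
    url = values[0]
    kind = classify_target(url)
    severity = 'high' if kind == 'internal' else 'medium'
    return {'src': m.group('src'), 'ts': m.group('ts'), 'url': url,
            'target': kind, 'severity': severity}


def scan_log(text):
    """Run analyze_line over every line and keep only the alerts."""
    return [a for a in (analyze_line(l) for l in text.splitlines()) if a]


if __name__ == '__main__':
    for alert in scan_log(SAMPLE_LOG):
        print(f"[{alert['severity']}] {alert['ts']} {alert['src']} "
              f"-> {alert['url']} ({alert['target']})")
```

Against the constructed lines this yields three alerts: two high (loopback and link-local targets) and one medium (an external hostname); the request without a 'url' parameter and the request to a different path produce nothing. In a real deployment the access log is one side only; correlate these hits with the outbound connections from the web application process mentioned in the first note, since the SSRF response may not be visible in the inbound log at all.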

CVSS provenance

nvd: v3.1, 9.1 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vulncheck: 9.1 CRITICAL