CVE-2024-48360
Published 2024-10-31
CVE-2024-48360: Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.
Priority: P3, 55 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.91% (89.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualitor | qualitor | — | — |
| qualitor | qualitor | — | — |
Detection & IOCs
- Monitor HTTP requests to /request/viewValidacao.php in Qualitor v8.24 for SSRF payloads: look for internal IP ranges, cloud metadata endpoints (e.g. 169.254.169.254), or unexpected outbound connections originating from the web server process after requests to this endpoint.
- The nuclei template for this CVE uses an Interactsh out-of-band callback to confirm SSRF. Detect exploitation attempts by monitoring for DNS/HTTP callbacks to Interactsh infrastructure triggered by requests to the vulnerable endpoint.
- The nuclei template checks for an HTTP 200 status code as part of detection. A 200 response alone is not sufficient to confirm exploitation; out-of-band (OOB) callback confirmation via Interactsh is required for reliable detection.
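The first two detection notes above can be turned into an access-log check. The following is an added example, not part of the original page or of any Qualitor or nuclei code: it flags requests to the endpoint whose parameter values point at internal addresses, the cloud metadata address, or the default public Interactsh domains. The log format (combined access log), the parameter name `param`, and all sample lines are assumptions constructed for illustration; the page does not name the vulnerable parameter, so every parameter is inspected.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/request/viewValidacao.php"
# Default public Interactsh domains; self-hosted servers use other names.
OAST_SUFFIXES = (".oast.pro", ".oast.live", ".oast.site", ".oast.online",
                 ".oast.fun", ".oast.me", ".interact.sh")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_host(host):
    """Return why a host is a suspicious SSRF destination, or None."""
    host = host.lower().rstrip(".")
    if host.endswith(OAST_SUFFIXES):
        return "interactsh"
    try:
        ip = ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
    except ValueError:
        return None  # ordinary hostname; DNS resolution is out of scope here
    if str(ip) == "169.254.169.254":
        return "cloud-metadata"
    internal = ip.is_loopback or ip.is_private or ip.is_link_local
    return "internal-ip" if internal else None

def host_of(value):
    try:  # value is already URL-decoded; accept full URLs and bare hosts
        return urlsplit(value if "//" in value else "//" + value).hostname
    except ValueError:
        return None  # malformed URL such as an unterminated IPv6 literal

def scan_line(line):
    """Return (param, host, reason) findings for one access-log line."""
    m = REQUEST_RE.search(line)
    path, _, query = (m.group(1) if m else "").partition("?")
    if not path.endswith(ENDPOINT):
        return []
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        host = host_of(value)
        reason = classify_host(host) if host else None
        if reason:
            hits.append((name, host, reason))
    return hits

# Constructed sample lines; the parameter name "param" is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Oct/2024:10:00:01 +0000] "GET /request/viewValidacao.php?param=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [31/Oct/2024:10:00:05 +0000] "GET /request/viewValidacao.php?param=http://c0nstructed.oast.fun/ HTTP/1.1" 200 87',
    '198.51.100.20 - - [31/Oct/2024:10:02:11 +0000] "GET /request/viewValidacao.php?param=42 HTTP/1.1" 200 1043',
]
```

Hostnames that resolve to internal addresses are not caught by a log-only check like this, so it complements rather than replaces monitoring of outbound connections from the web server process.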
No detection rules found.
Nuclei
Qualitor <= v8.24 - Server-Side Request Forgery
nuclei·CVSS 7.5
CVE-2024-48360 [HIGH] Qualitor <= v8.24 - Server-Side Request Forgery
Qualitor Interactsh Server "
      - type: status
        status:
          - 200
# digest: 4a0a0047304502201a0937ae0f8bc428f899db58fd1ed438aa24b8139cddf6164e15f60be4b1971d022100b1f8d844e43d10288148df3ae7987fcb437d2a2c4903a5e7ca1c8f7b117ba742:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
Published: 2024-10-31