CVE-2024-48360
published 2024-10-31

CVE-2024-48360: Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.

Priority: P3 55 · Severity: high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.91% (89.0th percentile)

Affected

2 ranges
Vendor | Product | Version range | Fixed in
qualitor | qualitor | |
qualitor | qualitor | |

Detection & IOCs (extracted from sources)

path: /request/viewValidacao.php
  • Monitor HTTP requests to /request/viewValidacao.php in Qualitor v8.24 for SSRF payloads — look for internal IP ranges, cloud metadata endpoints (e.g. 169.254.169.254), or unexpected outbound connections originating from the web server process after requests to this endpoint.
  • The nuclei template for this CVE uses an Interactsh out-of-band callback to confirm SSRF — detect exploitation attempts by monitoring for DNS/HTTP callbacks to Interactsh infrastructure triggered by requests to the vulnerable endpoint.
  • The nuclei template checks for HTTP 200 status code as part of detection; a 200 response alone is not sufficient to confirm exploitation — out-of-band (OOB) callback confirmation via Interactsh is required for reliable detection.
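
The monitoring described in the bullets above can be sketched as a log filter. This is an added example, not code from the advisory or from Qualitor; it assumes a combined-format access log, scans every query parameter because the page does not name the vulnerable one, and uses an assumed list of public Interactsh domains.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/request/viewValidacao.php"  # path named in the advisory
OOB_SUFFIXES = ("interact.sh", "oast.pro", "oast.live", "oast.site",  # assumed list of
                "oast.online", "oast.fun", "oast.me")  # public Interactsh domains
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
URL_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^\s\"'<>]+", re.I)

def classify_host(host):
    """Return why a destination host is suspicious for SSRF, or None."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a hostname, not an IP literal
        if any(host == s or host.endswith("." + s) for s in OOB_SUFFIXES):
            return "oob-callback"
        return "loopback" if host == "localhost" else None
    if ip.is_link_local:  # 169.254.0.0/16 covers cloud metadata services
        return "link-local"
    return "loopback" if ip.is_loopback else "internal" if ip.is_private else None

def inspect_line(line):
    """Return [(param, host, reason, status)] for flagged requests to ENDPOINT."""
    m = REQUEST_RE.search(line)
    path, _, query = m.group(1).partition("?") if m else ("", "", "")
    if path != ENDPOINT:
        return []
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        for url in URL_RE.findall(unquote(value)):  # second decode: double-encoding
            try:
                host = urlsplit(url).hostname or ""
            except ValueError:  # malformed URL such as an unbalanced IPv6 bracket
                continue
            reason = classify_host(host)
            if reason:
                hits.append((name, host, reason, int(m.group(2))))
    return hits

# Constructed access-log lines; the parameter name "x" is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Nov/2024:10:00:01 +0000] "GET /request/viewValidacao.php?x=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Nov/2024:10:00:05 +0000] "GET /request/viewValidacao.php?x=http://abc123.oast.fun HTTP/1.1" 200 0',
    '198.51.100.4 - - [01/Nov/2024:10:01:00 +0000] "GET /request/viewValidacao.php?x=https://example.com/logo.png HTTP/1.1" 200 90',
]
if __name__ == "__main__":
    print(*[h for l in SAMPLE_LOG for h in inspect_line(l)], sep="\n")
```

A hit here is a lead, not confirmation: access logs show only query strings, so parameters sent in a request body need WAF or proxy logs, and egress or DNS logs from the web server are what confirm the outbound request.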