| عنوان | itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Server-Side Request Forgery |
|---|
| الوصف | paiCoding contains a Server-Side Request Forgery (SSRF) vulnerability in the image upload functionality. The application allows authenticated users to provide external image URLs for automatic conversion and storage. However, the URL validation logic is insufficient, allowing attackers to access internal network resources, cloud metadata endpoints, and other restricted services. |
|---|
| المصدر | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/NK7KdbIrboeB6WxwfhucW1YgnCb?from=from_copylink |
|---|
| المستخدم | xcxr (UID 86629) |
|---|
| ارسال | 16/02/2026 01:55 AM (4 أشهر منذ) |
|---|
| الاعتدال | 26/02/2026 05:41 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 348015 [itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Image Save Endpoint ImageRestController.java save img تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|