| Title | HummerRisk 1.5.0 Injection |
|---|---|
| Description | The application allows administrators to configure media servers through a REST API endpoint. The streamIp parameter, which specifies the IP address of the media server for streaming purposes, is accepted without validation and stored directly in the database. Later, when users download cloud recordings, the application retrieves the stored MediaServer configuration and uses the streamIp value to construct an HTTP URL for downloading video files. This URL is then passed to the OkHttp client, which makes the actual HTTP request without any validation, enabling SSRF attacks. |
| Source | https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/1 |
| User | cccccccti (UID 96695) |
| Submission | 23/03/2026 03:09 AM (27 days ago) |
| Moderation | 13/04/2026 03:39 PM (21 days later) |
| Status | Accepted |
| VulDB Entry | 357141 [HummerRisk up to 1.5.0 Video File Download URL ServerService.java ServerService.addServer streamIp privilege escalation] |
| Points | 20 |