Submit #785855: HummerRisk 1.5.0 Injectioninfo

TitelHummerRisk 1.5.0 Injection
BeschreibungThe application allows administrators to configure media servers through a REST API endpoint. The streamIp parameter, which specifies the IP address of the media server for streaming purposes, is accepted without validation and stored directly in the database. Later, when users download cloud recordings, the application retrieves the stored MediaServer configuration and uses the streamIp value to construct an HTTP URL for downloading video files. This URL is then passed to the OkHttp client which makes the actual HTTP request without any validation, enabling SSRF attacks.
Quelle⚠️ https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/1
Benutzer
 cccccccti (UID 96695)
Einreichung23.03.2026 03:09 (vor 23 Tagen)
Moderieren13.04.2026 15:39 (21 days later)
StatusAkzeptiert
VulDB Eintrag357141 [HummerRisk bis 1.5.0 Video File Download URL ServerService.java ServerService.addServer streamIp erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Do you need the next level of professionalism?

Upgrade your account now!