Enviar #708995: mymagicpower AIAS <=1.0.0 SSRFinformación

Títulomymagicpower AIAS <=1.0.0 SSRF
DescripciónA SSRF vulnerability was discovered on /api/asr/enAsrForLongAudioUrl, in latest version of AIAS. The target URI parameter for network requests is user-controllable and lacks sufficient security processing, resulting in an SSRF vulnerability that allows attackers to exploit this flaw to probe and exploit internal services of the target system.
Fuente⚠️ https://github.com/mymagicpower/AIAS/issues/55
Usuario
 ZAST.AI (UID 87884)
Sumisión2025-12-08 08:45 (hace 5 meses)
Moderación2025-12-25 13:48 (17 days later)
EstadoDuplicado
Entrada de VulDB303689 [mymagicpower AIAS 20250308 AsrController.java url escalada de privilegios]
Puntos0

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!