Enviar #785855: HummerRisk 1.5.0 Injectioninformación

TítuloHummerRisk 1.5.0 Injection
DescripciónThe application allows administrators to configure media servers through a REST API endpoint. The streamIp parameter, which specifies the IP address of the media server for streaming purposes, is accepted without validation and stored directly in the database. Later, when users download cloud recordings, the application retrieves the stored MediaServer configuration and uses the streamIp value to construct an HTTP URL for downloading video files. This URL is then passed to the OkHttp client which makes the actual HTTP request without any validation, enabling SSRF attacks.
Fuente⚠️ https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/1
Usuario
 cccccccti (UID 96695)
Sumisión2026-03-23 03:09 (hace 1 mes)
Moderación2026-04-13 15:39 (21 days later)
EstadoAceptado
Entrada de VulDB357141 [HummerRisk hasta 1.5.0 Video File Download URL ServerService.java ServerService.addServer streamIp escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Interested in the pricing of exploits?

See the underground prices here!