| शीर्षक | elecV2 <=3.8.3 SSRF |
|---|
| विवरण | The /mock endpoint accepts a request object and passes it directly to eAxios() without authentication or URL validation. With type: "req", the server fetches any attacker-supplied URL, enabling internal network scanning and data exfiltration. Confirmed via DNS callback.
|
|---|
| स्रोत | ⚠️ https://github.com/elecV2/elecV2P/issues/202 |
|---|
| उपयोगकर्ता | ZAST.AI (UID 87884) |
|---|
| सबमिशन | 13/03/2026 05:31 AM (4 महीनों पहले) |
|---|
| संयम | 27/03/2026 03:12 PM (14 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 353901 [elecV2 elecV2P तक 3.8.3 URL /mock eAxios req अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|