| Title | itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Server-Side Request Forgery |
|---|---|
| Description | paiCoding contains a Server-Side Request Forgery (SSRF) vulnerability in the image upload functionality. The application allows authenticated users to provide external image URLs for automatic conversion and storage. However, the URL validation logic is insufficient, allowing attackers to access internal network resources, cloud metadata endpoints, and other restricted services. |
| Source | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/NK7KdbIrboeB6WxwfhucW1YgnCb?from=from_copylink |
| User | xcxr (UID 86629) |
| Submission | 2026-02-16 01:55 AM (4 months ago) |
| Moderation | 2026-02-26 05:41 PM (11 days later) |
| Status | Accepted |
| VulDB entry | 348015 [itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Image Save Endpoint ImageRestController.java save img privilege escalation] |
| Points | 19 |