Submeter #708994: mymagicpower AIAS <=1.0.0 SSRFinformação

Títulomymagicpower AIAS <=1.0.0 SSRF
DescriçãoA SSRF vulnerability was discovered on /api/asr/zhAsrForLongAudioUrl, in latest version of AIAS. The target URI parameter for network requests is user-controllable and lacks sufficient security processing, resulting in an SSRF vulnerability that allows attackers to exploit this flaw to probe and exploit internal services of the target system.
Fonte⚠️ https://github.com/mymagicpower/AIAS/issues/54
Utilizador
 ZAST.AI (UID 87884)
Submissão08/12/2025 08h44 (há 5 meses)
Moderação25/12/2025 13h48 (17 days later)
EstadoDuplicado
Entrada VulDB303689 [mymagicpower AIAS 20250308 AsrController.java url Elevação de Privilégios]
Pontos0

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!