Submeter #785855: HummerRisk 1.5.0 Injectioninformação

TítuloHummerRisk 1.5.0 Injection
DescriçãoThe application allows administrators to configure media servers through a REST API endpoint. The streamIp parameter, which specifies the IP address of the media server for streaming purposes, is accepted without validation and stored directly in the database. Later, when users download cloud recordings, the application retrieves the stored MediaServer configuration and uses the streamIp value to construct an HTTP URL for downloading video files. This URL is then passed to the OkHttp client which makes the actual HTTP request without any validation, enabling SSRF attacks.
Fonte⚠️ https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/1
Utilizador
 cccccccti (UID 96695)
Submissão23/03/2026 03h09 (há 26 dias)
Moderação13/04/2026 15h39 (21 days later)
EstadoAceite
Entrada VulDB357141 [HummerRisk até 1.5.0 Video File Download URL ServerService.java ServerService.addServer streamIp Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!