Submit #758974: itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Server-Side Request Forgery

Title: itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Server-Side Request Forgery
Description: paiCoding contains a Server-Side Request Forgery (SSRF) vulnerability in the image upload functionality. The application allows authenticated users to provide external image URLs for automatic conversion and storage. However, the URL validation logic is insufficient, allowing attackers to access internal network resources, cloud metadata endpoints, and other restricted services.
Source: https://fx4tqqfvdw4.feishu.cn/docx/NK7KdbIrboeB6WxwfhucW1YgnCb?from=from_copylink
User: xcxr (UID 86629)
Submission: 02/16/2026 01:55 AM (2 months ago)
Moderation: 02/26/2026 05:41 PM (11 days later)
Status: Accepted
VulDB entry: 348015 [itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Image Save Endpoint ImageRestController.java save img server-side request forgery]
Points: 19
