Submit #771949: taoofagi easegen-admin 2.3.0 Server-Side Request Forgery

Title: taoofagi easegen-admin 2.3.0 Server-Side Request Forgery
Description: The easegen-admin application contains a Server-Side Request Forgery (SSRF) vulnerability in the PPT analysis functionality. The /admin-api/digitalcourse/course-ppts/create endpoint accepts a user-controlled url parameter that is used to download PPT files without proper validation, allowing attackers to make the server send HTTP requests to arbitrary internal or external targets.
Source: https://fx4tqqfvdw4.feishu.cn/docx/XF5WdvWAEoU9jyx2C2mcImSMnBg?from=from_copylink
User: xcxr (UID 86629)
Submission: 03/05/2026 02:14 (1 month ago)
Moderation: 03/16/2026 17:26 (12 days later)
Status: Accepted
VulDB entry: 351290 [taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433 PPT File PPTUtil.java downloadFile url server-side request forgery]
Points: 20
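
The description above attributes the issue to a url parameter that is downloaded without validation. The following is an added example, not code from easegen-admin or from the submission, of the kind of check a download routine can run before opening a connection. The class PptUrlGuard, its methods, the https-only rule and the .ppt/.pptx path rule are assumptions made for illustration, and the sample URLs are constructed.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;

// Hypothetical helper, not easegen-admin code: vet a user-supplied PPT URL
// before the server opens any connection to it.
public class PptUrlGuard {

    // True for addresses a download request must never reach.
    static boolean isInternal(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) {
            return true; // 0.0.0.0, 127/8, 10/8, 172.16/12, 192.168/16, 169.254/16, ::1, fe80::/10
        }
        byte[] b = a.getAddress();
        if (b.length == 16) return (b[0] & 0xfe) == 0xfc;      // IPv6 unique-local fc00::/7
        return (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 0x40;  // IPv4 CGNAT 100.64.0.0/10
    }

    // Returns the vetted addresses. The caller should connect to one of them
    // (not re-resolve the name) and must re-run this check on every redirect hop.
    static InetAddress[] validate(String url) throws UnknownHostException {
        URI uri = URI.create(url).normalize();
        if (!"https".equalsIgnoreCase(uri.getScheme())) throw new IllegalArgumentException("scheme not allowed");
        if (uri.getHost() == null || uri.getUserInfo() != null) throw new IllegalArgumentException("bad authority");
        String path = uri.getPath().toLowerCase(Locale.ROOT);
        if (!path.endsWith(".ppt") && !path.endsWith(".pptx")) throw new IllegalArgumentException("not a PPT path");
        InetAddress[] addrs = InetAddress.getAllByName(uri.getHost());
        for (InetAddress a : addrs) {
            if (isInternal(a)) throw new IllegalArgumentException("internal address " + a.getHostAddress());
        }
        return addrs;
    }

    public static void main(String[] args) {
        // Constructed samples; IP literals keep the run offline (no DNS lookups).
        String[] samples = {
            "https://203.0.113.10/slides/deck.pptx",  // documentation range, treated as public
            "https://127.0.0.1/deck.pptx", "https://10.0.0.5/deck.pptx",
            "https://169.254.10.10/deck.pptx", "https://[::1]/deck.pptx",
            "http://203.0.113.10/deck.pptx", "file:///tmp/deck.pptx",
        };
        for (String s : samples) {
            try { validate(s); System.out.println("ALLOW  " + s); }
            catch (IllegalArgumentException | UnknownHostException e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample is allowed; the rest are rejected for an internal address or a disallowed scheme.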
