CVE-2020-13484 – Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax …

24 June 2020

Vuln ID: CVE-2020-13484

Published: 2020-06-24 15:15:11Z

Description: Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing ‘<meta name="og:image" content="’ followed by an intranet URL.

Source: NVD.NIST.GOV

Date:

24 June 2020

Categorie(s):

NVD

Tag(s):

NVD

Offensive Awakening: The 2024 Shift from Defensive to Proactive Security5 May 2024
End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box5 May 2024
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks5 May 2024
Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement5 May 2024
Dating apps kiss’n’tell all sorts of sensitive personal info4 May 2024