CVE-2014-9304

Plex Media Server < 0.9.9.2 - Server-Side Request Forgery and Authentication Bypass via X-Plex-Url Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9304. PoCs published by SEC Consult.

AI-analyzed exploit summary: The advisory details an authentication bypass via SSRF and local file disclosure in Plex Media Server. The SSRF exploit abuses header concatenation to bypass whitelist validation, while directory traversal allows unauthenticated file access.

Description

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.

Exploits (1)

exploitdb WRITEUP
by SEC Consult · text · webapps · multiple
https://www.exploit-db.com/exploits/31983

Classification: Writeup 100%
Attack Type: SSRF | Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Plex Media Server <=0.9.9.2.374-aa23a69
No auth needed
Prerequisites: Network access to Plex Media Server
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0811
EPSS Percentile 94.1%

Details

CWE: CWE-264
Status: published
Products (1): plex/media_server < 0.9.9.2
Published: Dec 07, 2014
Tracked Since: Feb 18, 2026