CVE-2023-3744
Severity: CRITICAL
SLims 9.6.0 - Authenticated Server-Side Request Forgery via scrape_image.php imageURL Parameter
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the imageURL parameter of the "scrape_image.php" file.
References (1)
Third Party Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims
Scores
CVSS v3: 9.9
EPSS: 0.0046
EPSS Percentile: 36.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-918
Status: published
Products (1): slims/senayan_library_management_system 9.6.0
Published: Oct 02, 2023
Tracked Since: Feb 18, 2026