CVE-2023-49471

HIGH

bar_assistant < 3.2.0 - Authenticated Server-Side Request Forgery via Image::make()

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49471. PoCs published by zunak.

AI-analyzed exploit summary: This repository contains a functional Proof of Concept (PoC) for CVE-2023-49471, demonstrating a blind SSRF vulnerability in Bar Assistant versions prior to 3.2.0. The exploit uses an authenticated user's ability to add an image by URL; the URL is processed without validation, so the attacker can make the server issue requests on their behalf.

Description

Blind Server-Side Request Forgery (SSRF) in karlomikus Bar Assistant before version 3.2.0. The URL an authenticated user supplies when adding an image by URL is passed to Image::make() without validation, so the server fetches whatever host the user names, including loopback, link-local and internal addresses. The original CVE text states this could allow authenticated remote attackers to execute arbitrary code, and the CVSS 3.1 vector on this page (C:H/I:H/A:H) reflects that claim; the public PoC demonstrates only blind SSRF (the attacker observes the outbound request out of band and does not see the response), so treat any impact beyond reaching internal services as unverified here. Fixed in 3.2.0.
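The pattern the description names, beside the check that prevents it. This is an added illustration, not Bar Assistant's code or its fix; it assumes the Image::make() named on this page is Intervention Image v2's facade (which fetches a URL string itself when handed one), PHP 8 with ext-curl, and illustrative function names. The hardened path validates scheme and host, resolves the name, rejects non-public addresses, pins the connection to the validated address so DNS rebinding cannot redirect it, refuses redirects, and only then hands raw bytes to Image::make():

```php
<?php
// Added illustration, not Bar Assistant's code: the unsafe pattern the CVE
// describes (a user-supplied URL handed straight to Image::make()) beside a
// hardened fetch that validates the target before any request is sent.
// Assumed: Image::make() is Intervention Image v2's facade; PHP 8 + ext-curl.

use Intervention\Image\Facades\Image;

// VULNERABLE (pattern behind CVE-2023-49471): http://127.0.0.1/,
// http://169.254.169.254/ and internal hostnames are all fetched server-side.
function makeImageFromUrlUnsafe(string $untrustedUrl)
{
    return Image::make($untrustedUrl);
}

// Validate scheme and host; return the public IP to connect to. Loopback,
// link-local, private and reserved ranges are rejected, which also covers
// the 169.254.169.254 cloud metadata endpoint.
function resolvePublicHttpTarget(string $url): array
{
    $p = parse_url($url) ?: [];
    $scheme = strtolower($p['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException("scheme not allowed: '$scheme'");
    }
    if (empty($p['host']) || isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('missing host or embedded credentials');
    }
    $host = trim($p['host'], '[]');                 // strip IPv6 literal brackets
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    $addrs = [];
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addrs = [$host];                           // literal address, no DNS
    } else {
        foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rr) {
            $addrs[] = $rr['ip'] ?? $rr['ipv6'] ?? '';
        }
        $addrs = array_values(array_filter($addrs));
    }
    if ($addrs === []) {
        throw new InvalidArgumentException("host does not resolve: $host");
    }
    // Every answer must be public; a mixed answer set is rejected outright.
    foreach ($addrs as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            throw new InvalidArgumentException("non-public address: $ip");
        }
    }
    return ['host' => $host, 'port' => $port, 'ip' => $addrs[0]];
}

// Fetch with the connection pinned to the validated address (CURLOPT_RESOLVE),
// so a DNS answer that changes between check and use cannot redirect the
// request. Redirects are not followed: a 3xx from a public host could point inside.
function fetchImageBytesSafely(string $url, int $maxBytes = 10485760): string
{
    $t  = resolvePublicHttpTarget($url);
    $ip = str_contains($t['ip'], ':') ? "[{$t['ip']}]" : $t['ip'];
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:$ip"],
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_MAXFILESIZE    => $maxBytes,
    ]);
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $code !== 200 || strlen($body) > $maxBytes) {
        throw new RuntimeException("fetch rejected (HTTP $code)");
    }
    return $body;
}

// HARDENED: Image::make() only ever receives bytes, never a URL.
function makeImageFromUrlSafe(string $untrustedUrl)
{
    return Image::make(fetchImageBytesSafely($untrustedUrl));
}

// Constructed inputs (literal addresses, so the check runs offline). Only the
// last one, an RFC 5737 documentation address PHP treats as public, is allowed.
foreach ([
    'file:///etc/passwd',
    'http://127.0.0.1:8000/api/v1/cocktails',
    'http://169.254.169.254/latest/meta-data/',
    'http://[::1]/',
    'http://10.0.0.5/',
    'http://203.0.113.10/',
] as $u) {
    try {
        resolvePublicHttpTarget($u);
        echo "ALLOW $u\n";
    } catch (InvalidArgumentException $e) {
        echo "BLOCK $u ({$e->getMessage()})\n";
    }
}
```

Two caveats on the check itself: PHP's FILTER_FLAG_NO_RES_RANGE list does not include every range an organization may consider internal (100.64.0.0/10 for one), so extend the deny list for your own network; and pinning with CURLOPT_RESOLVE is what makes the resolve-then-check step meaningful, since without it the fetch would resolve the name a second time.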

Exploits (1)

nomisec · WORKING POC
by zunak · poc
https://github.com/zunak/CVE-2023-49471

Classification
Working PoC: 90%
Attack type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Bar Assistant < 3.2.0
Auth required: yes
Prerequisites: Authenticated user access · Target application running Bar Assistant < 3.2.0
Analyzed by devstral-2 on Feb 18, 2026

References (1)

Core references (1)
https://github.com/zunak/CVE-2023-49471 (Exploit, Third Party Advisory)

Scores

CVSS v3 8.8
EPSS 0.0113
EPSS Percentile 62.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-918
Status published
Products (1)
barassistant/bar_assistant < 3.2.0
Published Jan 10, 2024
Tracked Since Feb 18, 2026