CVE-2023-53893

MEDIUM

Ateme TITAN File 3.9.12.4 - SSRF

Title source: llm

Description

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/51582

View Code ZIP pw:eip

References (4)

[Product] https://www.ateme.com/product-titan-software/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51582

[Third Party Advisory] https://www.vulncheck.com/advisories/ateme-titan-file-authenticated-server-side-request-forgery-vulnerability

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 16.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-918

Status published

Products (5)

Ateme/TITAN 3.9.12.4

ateme/titan_file 3.9.8.0

ateme/titan_file 3.9.9.2

ateme/titan_file 3.9.11.0

ateme/titan_file 3.9.12.4

Published Dec 15, 2025

Tracked Since Feb 18, 2026