CVE-2026-5126
MEDIUMSourceCodester RSS Feed Parser file_get_contents server-side request forgery
Title source: cnaDescription
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-354158 | SourceCodester RSS Feed Parser file_get_contents server-side request forgery
https://vuldb.com/vuln/354158
Signature, Permissions Required signature
permissions-required
VDB-354158 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/354158/cti
Third Party Advisory third-party-advisory
Submit #780180 | SourceCodester RSS Feed Parser Using PHP and JavaScript N/A Server-Side Request Forgery
https://vuldb.com/submit/780180
Exploit broken-link
exploit
https://medium.com/@hemantrajbhati5555/discovering-a-blind-ssrf-vulnerability-in-a-php-rss-feed-parser-243f3ccbdafb
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
6.3
EPSS
0.0027
EPSS Percentile
18.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
SourceCodester/RSS Feed Parser
1.0
Published
Mar 30, 2026
Tracked Since
Mar 31, 2026