CVE-2023-3744

Summary

CVE-2023-3744 is a Server-Side Request Forgery (SSRF) vulnerability discovered in SLims version 9.6.0. An authenticated attacker can exploit this vulnerability by manipulating the "imageURL" parameter in the "scrape_image.php" file. This could potentially allow the attacker to send malicious requests to internal services or upload files to the server, posing a significant security risk. The vulnerability can be mitigated by implementing input validation and access control measures to prevent unauthorized requests. It is recommended that users update to the latest version of SLims or contact the vendor for a patch as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.