Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-0945— 60IndexPage Parameter file.php server-side request forgery

CVSS 7.3 · High EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-0945

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
60IndexPage Parameter file.php server-side request forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
LyLme Spage 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LyLme Spage(六零导航页)是中国六零(LyLme)开源的一个导航页面。致力于简洁高效无广告的上网导航和搜索入口,支持后台添加链接、自定义搜索引擎,沉淀最具价值链接,全站无商业推广,简约而不简单。 LyLme Spage 1.8.5版本及之前版本存在代码问题漏洞,该漏洞源于对参数 url 的错误操作会导致服务器端请求伪造。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-60IndexPage 1.8.0 -

II. Public POCs for CVE-2024-0945

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-0945

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-01-26 · 21 CVEs total

CVE-2024-09467.3 HIGH60IndexPage Parameter index.php server-side request forgery
CVE-2024-09415.5 MEDIUMNovel-Plus list sql injection
CVE-2024-09482.4 LOWNetBox Home Page Configuration config-revisions cross site scripting
CVE-2024-22551Usha InformatiqueC WhatACart 跨站脚本漏洞
CVE-2024-22550ShopSite 安全漏洞
CVE-2022-48622gdk-pixbuf 安全漏洞
CVE-2024-22545TRENDnet TEW-824DRU 安全漏洞
CVE-2023-48133Line 安全漏洞
CVE-2023-48130Line 安全漏洞
CVE-2023-48129Line 安全漏洞
CVE-2023-48128Line 安全漏洞
CVE-2023-48126Line 安全漏洞
CVE-2023-48135Line 安全漏洞
CVE-2023-48132Line 安全漏洞
CVE-2023-48131Line 安全漏洞
CVE-2023-48127Line 安全漏洞
CVE-2023-38323openNDS 安全漏洞
CVE-2023-38319OpenNDS 安全漏洞
CVE-2023-38318OpenNDS 安全漏洞
CVE-2023-38317openNDS 安全漏洞

IV. Related Vulnerabilities

Same product: 60IndexPage
Same vendor: n/a
Same weakness: CWE-918

V. Comments for CVE-2024-0945

No comments yet

Leave a comment