Key Information

Vulnerability Overview

Vulnerability Type: SSRF (Server-Side Request Forgery)
Affected Software: unmark v1.9.3
File: application/controllers/Marks.php
Version: 2.8.0

Analysis

Code Issue:
- Line 33: directly uses the user-provided .
- Lines 25-28: Only checks if the URL starts with or , without filtering internal (private) addresses.
- Lack of whitelist validation: No mechanism in the code to block or filter internal network addresses.

POC (Proof of Concept)

Request Example:

Response Example:

Summary

This vulnerability allows attackers to access internal network resources by crafting malicious URLs, potentially leading to further security risks.
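The missing control described in the analysis (a scheme check with no filtering of internal addresses) can be closed by resolving the host and refusing any non-public address before the server fetches the URL. The following is an added example, not code from unmark; the function names, the http/https allow-list and the sample hosts are assumptions made for illustration.

```php
<?php
// Added example, not unmark code; all function names are hypothetical.

// True only for a publicly routable IP literal.
function is_public_ip(string $ip): bool {
    // NO_PRIV_RANGE rejects RFC 1918 and fc00::/7; NO_RES_RANGE rejects
    // loopback, link-local and other reserved ranges.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Default resolver: A and AAAA answers for a hostname (empty list on failure).
function resolve_host(string $host): array {
    $ips = [];
    foreach (@dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rec) {
        $ips[] = $rec['ip'] ?? $rec['ipv6'];
    }
    return $ips;
}

// Returns the vetted IP list for $url, or null when the fetch must be refused.
function vet_fetch_url(string $url, ?callable $resolver = null): ?array {
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['host'])) {
        return null;
    }
    // Assumed allow-list: http and https only.
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;
    }
    $host = trim($parts['host'], '[]');          // parse_url keeps IPv6 brackets
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : ($resolver ?? 'resolve_host')($host);
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return null;                         // one internal answer refuses the URL
        }
    }
    return $ips ?: null;                         // no answers: fail closed
}

// Constructed sample inputs; the stub resolver stands in for DNS so this runs offline.
$stub = fn(string $h): array =>
    ['example.test' => ['93.184.216.34'], 'intranet.test' => ['10.0.0.5']][$h] ?? [];
$urls = ['http://example.test/page', 'http://intranet.test/admin', 'http://127.0.0.1:8080/',
         'http://[::1]/', 'ftp://example.test/'];
foreach ($urls as $u) {
    printf("%-30s %s\n", $u, vet_fetch_url($u, $stub) ? 'allow' : 'refuse');
}
```

The caller should connect to one of the returned addresses rather than resolving the hostname a second time, and apply the same check to every redirect target.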