CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-0304

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.4%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

https://note.zhaoj.in/share/3jF3Xpl3ttlZ
https://vuldb.com/?ctiid.249871
https://vuldb.com/?id.249871
https://note.zhaoj.in/share/3jF3Xpl3ttlZ
https://vuldb.com/?ctiid.249871
https://vuldb.com/?id.249871

Products affected by CVE-2024-0304

Youke365 » Youke 365 » Version: 1.5.0

cpe:2.3:a:youke365:youke_365:1.5.0
Youke365 » Youke 365 » Version: 1.5.3

cpe:2.3:a:youke365:youke_365:1.5.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-0304

Products

Pricing

Contact Us