Vulnerabilities

CVE-2020-13484

by Fred · 24/06/2020

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing ‘https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd

Similar

Tags: Cybersecurity Alert