Rule General Information |
---|
Release Date: | 2025-02-11 | |
Rule Name: | Lserp ERP UEditorAjaxApi.ashx SSRF Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Lserp ERP is a business office software. There is an SSRF vulnerability in the UEditorAjaxApi.ashx interface of Lserp ERP. An unauthenticated remote attacker can use this vulnerability to host a malicious file on a VPS, make the server fetch that file and save it locally, and then take control of the server. | |
Impact: | SSRF is a vulnerability in which an attacker crafts input that causes the server itself to initiate a request. By exploiting this vulnerability, an attacker can bypass access restrictions such as firewalls, thereby using an infected or vulnerable server as a proxy for port scanning and even accessing internal system data. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
Please contact the software vendor to obtain and apply the software patch. |