MEDIUM🇵🇱 Wersja polska

CVE-2024-48107

CVSS 6.5v3.1pub. 2024-10-28upd. 2025-04-18

SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Sparkshop

    APP
    Sparkshop
    ≤ 1.1.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2025-50722CRITICAL9.8PL ✓ten sam produkt

RCE w Sparkshop v.1.1.7 — podatność w komponencie Common.php

CVE-2024-40425CRITICAL9.8PL ✓ten sam produkt

Krytyczna podatność File Upload umożliwiająca RCE w Sparkshop

CVE-2024-46307HIGH7.5ten sam produkt

A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of produ...

CVE-2024-57685MEDIUM5.3ten sam produkt

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar...