CVERadar

CVE-2024-0303

Severity: Critical
Product: Youke365
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.00116/1

CVE-2024-0303 is a critical Server-Side Request Forgery (SSRF) vulnerability in Youke365. This flaw allows remote attackers to manipulate the 'url' parameter in the /app/api/controller/caiji.php file to force the server to make requests to unintended locations. With an SVRS of 84, CVE-2024-0303 demands immediate attention due to the high risk of exploitation. The vulnerability, affecting Youke365 versions up to 1.5.3, enables attackers to potentially access internal resources, bypass security controls, or perform other malicious actions by leveraging the server's trust. The public availability of the exploit increases the likelihood of attacks. The high CVSS score of 9.8 further underscores the severity. Organizations using Youke365 should promptly apply available patches or mitigations to prevent potential data breaches and system compromise.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-01-08

2024-05-17
SOCRadar AI Insight

Description:

CVE-2024-0303 is a critical vulnerability found in Youke365 up to version 1.5.3. It allows server-side request forgery (SSRF) attacks by manipulating the 'url' argument in the '/app/api/controller/caiji.php' file. This vulnerability can be exploited remotely, and the exploit has been publicly disclosed.

Key Insights:

  1. High Severity: The SVRS score of 67 indicates a high severity level, highlighting the urgency of addressing this vulnerability. A score above 80 would signify a critical vulnerability requiring immediate action.

  2. SSRF Attacks: This vulnerability enables attackers to perform SSRF attacks, allowing them to send crafted HTTP requests to internal systems or external resources on behalf of the affected server. This could lead to sensitive data exposure, unauthorized access, or even remote code execution.

  3. Public Exploit: The exploit for this vulnerability has been publicly disclosed, making it more accessible to attackers. This increases the likelihood of exploitation attempts and emphasizes the need for immediate patching or mitigation measures.

  4. Remote Exploitation: The vulnerability can be exploited remotely, making it easier for attackers to target vulnerable systems without requiring physical access or local network connectivity.

Mitigation Strategies:

  1. Apply Software Updates: Organizations should prioritize patching or updating Youke365 to the latest version (1.5.4 or later) as soon as possible to address this vulnerability.

  2. Implement Input Validation: Developers should implement robust input validation mechanisms to prevent malicious or malformed 'url' arguments from being processed by the application.

  3. Enable Web Application Firewall (WAF): Organizations can deploy a WAF to block malicious HTTP requests and protect against SSRF attacks. The WAF should be configured to detect and block requests with suspicious patterns or characteristics.

  4. Educate Employees: Organizations should educate employees about the risks of SSRF attacks and encourage them to be cautious when clicking on links or opening attachments from untrusted sources.
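As an added illustration of the "Implement Input Validation" item above (example code written for this page, not Youke365's own code, and in Python rather than the application's PHP so that the policy reads clearly), the following validator accepts a caller-supplied fetch URL only when its scheme, host and port are on an allowlist, and applies a second gate to the addresses the host resolves to. The hostnames in ALLOWED_HOSTS and every IP address in the comments are constructed values; no real deployment is assumed.

```python
"""Allowlist-based validation for a caller-supplied fetch URL.

Illustrative defence for CWE-918 (SSRF). Not Youke365 code; all hosts
and addresses used here are constructed for the example.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only origins the collector is meant to fetch from.
ALLOWED_HOSTS = frozenset({"feeds.example.com", "cdn.example.com"})
ALLOWED_SCHEMES = frozenset({"http", "https"})
ALLOWED_PORTS = frozenset({None, 80, 443})  # None = scheme default


def is_public_ip(address: str) -> bool:
    """True only for globally routable addresses.

    Loopback, RFC 1918, link-local, CGNAT, unspecified and the IPv4-mapped
    IPv6 forms of those ranges all return False.
    """
    ip = ipaddress.ip_address(address)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is 10.0.0.1 in disguise
    return ip.is_global


def validate_fetch_url(url: str, allowed_hosts=ALLOWED_HOSTS):
    """Return (accepted, reason).

    Default-deny: only plain http(s) URLs whose hostname is on the allowlist
    pass. IP literals are refused outright because the allowlist is by name.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"  # e.g. unbalanced IPv6 brackets
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        # "http://feeds.example.com@other.example/" parses with the real
        # host after the '@'; refuse any userinfo rather than reason about it.
        return False, "userinfo in URL"
    host = parts.hostname  # lowercased; IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    host = host.rstrip(".")  # "feeds.example.com." is the same name
    try:
        ipaddress.ip_address(host)
        return False, "IP literal not allowed"
    except ValueError:
        pass  # not an IP literal; continue with the name check
    if host not in allowed_hosts:
        # Also catches decimal/octal IP encodings, which are not names.
        return False, "host not on allowlist"
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    return True, "ok"


def resolved_addresses_ok(addresses) -> bool:
    """Second gate for the addresses the allowlisted name resolves to at
    connection time: every one must be public. The fetcher should connect to
    exactly these addresses rather than resolving again, so that a name whose
    answer changes between check and use (DNS rebinding) gains nothing."""
    return bool(addresses) and all(is_public_ip(a) for a in addresses)


if __name__ == "__main__":
    for candidate in (
        "https://feeds.example.com/rss.xml",
        "http://127.0.0.1/",
        "http://feeds.example.com@other.example/",
        "file:///tmp/x",
    ):
        print(candidate, "->", validate_fetch_url(candidate))
    print("resolved ok:", resolved_addresses_ok(["93.184.216.34"]))
```

The name check and the address check are deliberately separate: the first runs on the string the caller supplied, the second on what the resolver actually returned, and a fetcher that passes the first but re-resolves before connecting has left the second unchecked.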

Additional Information:

  • Threat Actors/APT Groups: There is no information available regarding specific threat actors or APT groups actively exploiting this vulnerability.

  • Exploit Status: Active exploits have been published, increasing the risk of exploitation.

  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.

  • In the Wild: There is no information available to confirm whether this vulnerability is actively exploited in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

No news found for this CVE

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type: App
Vendor: Youke365
Product: youke_365

References

Reference: [email protected]
Link: https://note.zhaoj.in/share/fssH60eQkvSl

Reference: [email protected]
Link: https://vuldb.com/?ctiid.249870

Reference: [email protected]
Link: https://vuldb.com/?id.249870

CWE Details

CWE ID: CWE-918
CWE Name: Server-Side Request Forgery (SSRF)
Description: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
