Server-Side Request Forgery in MSFM Product by Vendor
CVE-2024-57767

8.6HIGH

Key Information:

Vendor: Vendor
Status: Mysiteforme
Vendor: CVE Published:; 15 January 2025

What is CVE-2024-57767?

A vulnerability has been identified in the MSFM product prior to version 2025.01.01, which allows attackers to exploit a Server-Side Request Forgery (SSRF) through the /file/download component. This exploitation can enable unauthorized access to internal resources, leading to potential data exposure and security risks. Organizations using affected versions are advised to update to ensure their systems are protected from this type of attack.

References

https://gitee.com/wanglingxiao/mysiteforme/issues/IBFVM9

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2025