CVE-2020-13484

Published: Jun 24, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bd

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-13484

Description

Affected Products

References