Vulnerabilities > CVE-2018-10220 - Server-Side Request Forgery (SSRF) vulnerability in Mushmush Glastopf 3.1.3

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mushmush

CWE-918

NVD

Published: 2018-04-19

Updated: 2024-11-21

Summary

Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation

Vulnerable Configurations

Part	Description	Count
Application	Mushmush Mushmush Glastopf 3.1.3	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/mushorg/glastopf/issues/286
https://github.com/mushorg/glastopf/issues/286