Vulnerabilities > CVE-2018-15657 - Server-Side Request Forgery (SSRF) vulnerability in 42Gears Suremdm 6.34/6.35
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
D2sec
| name | SureMDM File Disclosure |
| url | http://www.d2sec.com/exploits/suremdm_file_disclosure.html |
Exploit-Db
| file | exploits/windows/webapps/46305.txt |
| id | EDB-ID:46305 |
| last seen | 2019-02-01 |
| modified | 2019-02-01 |
| platform | windows |
| port | 80 |
| published | 2019-02-01 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/46305 |
| title | SureMDM < 2018-11 Patch - Local / Remote File Inclusion |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/151469/suremdm-lfirfi.txt |
| id | PACKETSTORM:151469 |
| last seen | 2019-02-02 |
| published | 2019-02-02 |
| reporter | Digital Interruption |
| source | https://packetstormsecurity.com/files/151469/SureMDM-Local-Remote-File-Inclusion.html |
| title | SureMDM Local / Remote File Inclusion |