Vulnerabilities > CVE-2020-23776 - Server-Side Request Forgery (SSRF) vulnerability in Winmail Project Winmail 6.5

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

winmail-project

CWE-918

NVD

Published: 2021-01-26

Updated: 2021-02-03

Summary

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.

Vulnerable Configurations

Part	Description	Count
Application	Winmail_Project Winmail Project Winmail 6.5	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/zhonghaozhao/winmail/issues/3