Vulnerabilities > CVE-2021-33213 - Server-Side Request Forgery (SSRF) vulnerability in Element-It Http Commander 5.3.3

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

element-it

CWE-918

NVD

Published: 2021-07-14

Updated: 2021-07-16

Summary

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.

Vulnerable Configurations

Part	Description	Count
Application	Element-It Element IT Http Commander 5.3.3	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-027.txt
https://www.syss.de/pentest-blog/