31Eki
CVE-2024-48346 | xtreme1 up to 0.9.1 /api/data/upload fileUrl server-side request forgery (Issue 284)
A vulnerability classified as critical was found in xtreme1 up to 0.9.1. This vulnerability affects unknown code of the file /api/data/upload. The manipulation of the argument fileUrl leads to server-side request forgery. This vulnerability was named CVE-2024-48346. Access to the local network is required for this attack. There is no exploit available.