Precisely similar to CVE-2021-36594 but it's another vulnerability:
SSRF in Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030) allows an attacker to execute arbitrary codes via internal API server or PHAR deserialization or ... via the "url" parameter.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Impact of this vulnerability on a target: (id)
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory:
mir-hossein Analyst
Precisely similar to CVE-2021-36594 but it's another vulnerability:
SSRF in Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030) allows an attacker to execute arbitrary codes via internal API server or PHAR deserialization or ... via the "url" parameter.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Impact of this vulnerability on a target: (id)
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory: