Skip to main content

Seo Panel CVE-2024-22648

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2024-01-30 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 30, 2024 - 07:15 nvd
MEDIUM 5.3

DescriptionNVD

A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.

AnalysisAI

A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. Affected products include: Seopanel Seo Panel. Version information: version 4.10.0..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2025-29452 HIGH POC
7.6 Apr 17

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. R

CVE-2025-29451 HIGH POC
7.6 Apr 17

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. Ra

CVE-2021-28419 HIGH POC
7.2 Mar 18

The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads

CVE-2024-22643 MEDIUM POC
6.5 Jan 30

A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unautho

CVE-2021-39413 MEDIUM POC
6.1 Nov 05

Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backl

CVE-2021-3002 MEDIUM POC
6.1 Jan 01

Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. Rated medium severity (C

CVE-2020-35930 MEDIUM POC
5.4 Dec 31

Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/we

CVE-2024-22647 MEDIUM POC
5.3 Jan 30

An user enumeration vulnerability was found in SEO Panel 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is

CVE-2024-22646 MEDIUM POC
5.3 Jan 30

An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. Rated medi

CVE-2017-10839 HIGH
8.8 Aug 29

SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary

CVE-2021-29010 MEDIUM POC
4.8 Mar 25

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in th

CVE-2021-29009 MEDIUM POC
4.8 Mar 25

A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in th

Share

CVE-2024-22648 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy