Skip to main content

SEO Meta Tag Extractor CVE-2026-10287

| EUVD-2026-33758 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-01 VulDB GHSA-877v-m842-xq9p
PHP SSRF
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jun 01, 2026 - 21:22 NVD
HIGH MEDIUM
CVSS changed
Jun 01, 2026 - 21:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
Analysis Generated
Jun 01, 2026 - 20:52 vuln.today

DescriptionCVE.org

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Server-side request forgery in SourceCodester SEO Meta Tag Extractor 1.0 allows remote unauthenticated attackers to coerce the application into making arbitrary outbound HTTP requests by manipulating the 'url' parameter passed to the get_headers() function in /index.php. Publicly available exploit code exists per VulDB, increasing the likelihood of opportunistic abuse against exposed instances, though no active exploitation has been confirmed via CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Meta Tag Extractor instance
Delivery
Craft URL parameter targeting internal resource
Exploit
Submit request to /index.php
Execution
Server invokes get_headers() against attacker-chosen URL
Persist
Response headers reveal internal service data
Impact
Pivot to enumerate internal network or cloud metadata
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The vulnerable /index.php endpoint of SEO Meta Tag Extractor 1.0 must be reachable by the attacker over HTTP/HTTPS, and the application must accept the 'url' GET/POST parameter consumed by get_headers() - these are the default conditions of the stock SourceCodester distribution, with no authentication, user interaction, or non-default configuration required (CVSS PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L scores 7.3, reflecting network-reachable, unauthenticated, no-user-interaction exploitation with low impact across CIA, which is consistent with a typical unblind SSRF that does not auto-escalate to RCE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker on the internet sends a GET request to /index.php with the 'url' parameter set to http://169.254.169.254/latest/meta-data/iam/security-credentials/ on a cloud-hosted instance, causing the server to fetch the cloud metadata service and return response headers that may leak internal information. Using the publicly available PoC writeup on HackMD, the attacker can iterate through internal IPs and ports to map the target's internal network or probe admin interfaces normally firewalled from the public internet.
Remediation No vendor-released patch identified at time of analysis; SourceCodester projects of this type are commonly distributed as one-off code samples without an ongoing maintenance stream. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all instances of SourceCodester SEO Meta Tag Extractor 1.0 in your production environment; implement network segmentation to restrict outbound connectivity from affected servers to only necessary internal systems; enable comprehensive logging of HTTP requests originating from this application. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49952 CRITICAL POC
9.3 Jun 15

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
CVE-2026-49954 HIGH POC
8.6 Jun 15

Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a

CVE-2026-49768 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
CVE-2026-27053 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
CVE-2026-49104 CRITICAL
9.8 Jun 15

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo

Share

CVE-2026-10287 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy