Squidex
Blind Server-Side Request Forgery (SSRF) in Squidex prior to version 7.23.0 allows authenticated administrators to force the backend server to interact with the local filesystem via the `file://` protocol in the Restore API's `Url` parameter, potentially disclosing sensitive system information through side-channel analysis of internal logs. No public exploit code or active exploitation had been identified at the time of analysis.
Server-Side Request Forgery in Squidex versions prior to 7.23.0 allows authenticated users with asset upload permissions to force the CMS server to fetch arbitrary URLs, including internal network resources and localhost endpoints, and to store the retrieved content as platform assets. This enables reconnaissance of internal infrastructure, exfiltration of data from cloud metadata endpoints (AWS/Azure credentials), and access to services not exposed to the internet. CVSS 7.3 (High) with CVSS 4.0 E:P (proof-of-concept exists). Vendor patch available in version 7.23.0 per GitHub security advisory GHSA-x7cq-4f4c-8qcv.
Server-Side Request Forgery (SSRF) in Squidex versions before 7.23.0 allows authenticated users with schema editing permissions to force the server to make arbitrary HTTP requests to internal services and cloud metadata endpoints through the Jint scripting engine. The vulnerability can expose cloud provider credentials (e.g., AWS IMDS) and enable lateral movement within internal networks. Exploitation requires only low-privilege authentication (PR:L) and has publicly available exploit code (E:P in CVSS 4.0 vector). Vendor-confirmed patch available in version 7.23.0.
Server-Side Request Forgery in Squidex's backup restoration endpoint allows authenticated administrators to probe internal network services and access cloud metadata endpoints. The RestoreController.PostRestoreJob endpoint accepts arbitrary URLs without SSRF protection, enabling internal reconnaissance through the application's HTTP client. Exploitation requires high privileges (admin authentication) but grants access to confidential internal resources and sensitive cloud service metadata. Version 7.23.0 patches this vulnerability. EPSS exploitation probability and active exploitation status are not reported in available intelligence.
Server-Side Request Forgery (SSRF) vulnerability in Squidex CMS webhook configuration allows authenticated administrators to make requests to internal services by specifying localhost or internal IP addresses as webhook destinations. PoC available.