CVE-2023-40033

HIGH · EPSS 33.8%
Published Aug 16, 2023 · Modified Jun 17, 2026
CVSS 3.1: 7.1 (High)

Description

Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application into performing unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL and then fetches that URL's contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen`, which prevents the fetching of external files via URLs, as a temporary workaround for the SSRF aspect of the vulnerability.
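The root cause described above is that an upload was trusted on its declared MIME type and its bytes were later treated as a source string. As an added defensive example (not Flarum's or intervention/image's code), the following PHP check validates an upload by its actual bytes before any image library sees it; the function name and the constructed sample inputs are assumptions.

```php
<?php
// Added example: validate an uploaded "image" by content, not by the
// client-declared MIME type, before handing it to any image library.
// Returns the detected MIME type on success, or null when the bytes are
// not a real image (e.g. a text blob that only contains a URL).
function validateImageUpload(string $bytes, string $declaredMime): ?string
{
    // Allow-list of image types this application accepts.
    $allowed = [
        IMAGETYPE_JPEG => 'image/jpeg',
        IMAGETYPE_PNG  => 'image/png',
        IMAGETYPE_GIF  => 'image/gif',
    ];

    // 1. Sniff the type from magic bytes. The declared MIME type is
    //    attacker-controlled and must match what the bytes actually are.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $sniffed = finfo_buffer($finfo, $bytes);
    finfo_close($finfo);
    if (!in_array($sniffed, $allowed, true) || $sniffed !== $declaredMime) {
        return null;
    }

    // 2. Require the bytes to parse as an image with real dimensions.
    //    A file whose content is "http://..." or "file:///..." fails here,
    //    so it never reaches code that might treat a string as a source URL.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }
    // 3. Cross-check the parsed type against the sniffed MIME type.
    if ($allowed[$info[2]] !== $sniffed) {
        return null;
    }
    return $sniffed;
}

// Constructed samples: a minimal 1x1 GIF and a text file holding only a URL
// that is uploaded with a spoofed image/gif MIME type.
$realGif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$urlBlob = "http://example.invalid/not-an-image\n";

var_dump(validateImageUpload($realGif, 'image/gif'));
var_dump(validateImageUpload($urlBlob, 'image/gif'));
```

The second call is rejected at the magic-byte check, so the spoofed upload is discarded regardless of what the downstream library would do with its contents.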

CVSS Details

Base Score: 7.1
Exploitability: 2.8
Impact: 4.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 33.8% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

Vendor   Product   Version   Range
flarum   flarum    *         <1.8.0

References 2

  • github.com https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
    Patch
  • github.com https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
    Vendor Advisory

Remediation

  • github.com https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
    Patch