Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-19
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
Products | Subsonic |
Type | Cross-Site Request Forgery (CSRF) (CWE-352) Server-Side Request Forgery (SSRF) (CWE-918) |
First patch | - None (likely due to unavailable code) |
Links | https://www.vulnerability-lab.com/get_content.php?id=2175 |