Bitrix24 up to and including 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bitrix24 bitrix24 |