Unrated severityNVD Advisory· Published Jun 24, 2020· Updated Aug 4, 2024
CVE-2020-13484
CVE-2020-13484
Description
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Bitrix24/Bitrix24description
Patches
Vulnerability mechanics
References
1- gist.github.com/mariuszpoplwski/f261a4bc06adde5c78760559db9d63bdmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.