High severity7.5NVD Advisory· Published Jan 26, 2021· Updated Jun 17, 2026
CVE-2020-23776
CVE-2020-23776
Description
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Winmail/Winmaildescription
Patches
Vulnerability mechanics
References
1- github.com/zhonghaozhao/winmail/issues/3nvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.