High severity7.5NVD Advisory· Published Jul 20, 2023· Updated Jun 17, 2026
CVE-2023-37290
CVE-2023-37290
Description
InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 22547
Patches
Vulnerability mechanics
References
1- www.twcert.org.tw/tw/cp-132-7226-12195-1.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.