CRITICAL🇵🇱 Wersja polska

CVE-2024-33449

CVSS 9.8v3.1pub. 2024-04-29upd. 2026-04-15

An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter

🤖 AI Analysis
How it works

An attacker sends a crafted HTTP POST request to the PDFMyURL service, passing a malicious value in the 'url' parameter. The service, without proper validation, executes the request to the address specified by the attacker, which constitutes a classic SSRF (Server-Side Request Forgery) scenario. This mechanism can be further exploited to execute arbitrary code on the server or access internal infrastructure resources.

Impact

An attacker can gain access to sensitive information processed by the service and execute arbitrary code on the vulnerable server (RCE), which may lead to complete system compromise.

Mitigation & patch

Apply patches available from the vendor according to references. As a temporary measure, it is recommended to restrict access to the service and monitor requests directed to the 'url' parameter for attempts to access internal network resources.

Who is affected

PDFMyURL service — versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESSRF
CWE
References