8.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-46725

GHSA ID

GHSA-jhww-fx2j-3rf7

EPSS Score

0.35617%

CWE

CWE-367

Published

11/2/2023

Updated

11/9/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-46725

CVE-2023-46725: FoodCoopShop Server-Side Request Forgery vulnerability

There is a potential SSRF vulnerability in foodcoopshop. Since there is no security policy on your Github, I tried to use the emails to contact you.

The potential issue is in the Network module, where a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a request to arbitrary host. For example, use

data[data][0][remoteProductId]=352&data[data][0][image]=http://localhost:8888/

will make the server send a request to localhost:8888. This means that it can be used as a proxy into the internal network where the server is.

To make matters worse, the checks on valid image is not enough. There is time of check time of use issue there. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file at the redirect destination, making this a full SSRF. (An example python server that can do this is at https://pastebin.com/8K5Brwbq This will make the server download whatever at the redirect target)

You can check https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF, their impact and how to properly fix it.

Regards

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-46725

CVE-2023-46725:

8.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-46725

GHSA ID

GHSA-jhww-fx2j-3rf7

EPSS Score

0.35617%

CWE

CWE-367

Published

11/2/2023

Updated

11/9/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
foodcoopshop/foodcoopshop	composer	>= 3.2.0, < 3.6.1	3.6.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key functions: 1) RemoteFile::exists performed insecure HEAD requests without host allowlisting, enabling initial SSRF probes. 2) ProductsTable::changeImage's workflow first checked file existence via HEAD, then downloaded via GET without re-validating the target - a classic TOCTOU pattern. The patch added host verification in exists() and switched to mime type checking, confirming these were the vulnerable points. The test cases added for invalid domains and mime types in the commit further validate() these as the vulnerable components.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-46725: FoodCoopShop Server-Side Request Forgery vulnerability

CVE-2023-46725:

8.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2023-46725: FoodCoopShop Server-Side Request Forgery vulnerability

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

8.1

8.1

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI