Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Server-Side Request Forgery (SSRF) Vulnerability - CVE-2017-7272 - Vulnerability Database
PHP

PHP Server-Side Request Forgery (SSRF) Vulnerability - CVE-2017-7272

High
Reference: CVE-2017-7272
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-7272
Title: PHP Server-Side Request Forgery (SSRF) Vulnerability
Overview:

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized fsockopen will use the port number that is specified in the hostname argument instead of the port number in the second argument of the function.