cdevroe unmark Server-Side Request Forgery Vulnerability in Marks.php

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in cdevroe unmark versions through 1.9.3. The issue resides in the application/controllers/Marks.php file, where the 'url' parameter is accepted without validation, allowing remote attackers to make the server send requests to internal servers or services. This could be used to access sensitive information or interact with private APIs, with the requests appearing to originate from the trusted server.

Impact

Exploitation of this vulnerability results in server-side request forgery: the application is tricked into making requests on the attacker's behalf. These requests could reach internal resources, cloud metadata services, or private APIs, potentially leading to unauthorized data exposure or manipulation.

Reproduction

To reproduce this vulnerability, send a POST request to the '/marks/add' endpoint with an unvalidated URL in the 'url' parameter. The request is processed by the vulnerable Marks.php controller, which fetches the URL without proper validation, so requests to internal or otherwise arbitrary destinations can be made.
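As an added example (not part of this advisory and not unmark's own code), the following PHP shows the kind of validation a server-side fetch of a user-supplied 'url' parameter needs before the request is made: only http/https, no credentials in the authority part, every resolved address checked against loopback, private, link-local (which includes the cloud metadata address range) and other non-public ranges, the vetted address pinned for the connection so a later DNS answer cannot redirect it, and no automatic following of redirects. The function names, the range list and the curl settings are illustrative assumptions, not a reproduction of Marks.php.

```php
<?php
// Added example, not unmark's code. Names and ranges below are assumptions
// chosen to illustrate the check; adapt them to the application's needs.

// Address ranges a server-side fetch must never reach (constructed list).
const SSRF_BLOCKED_RANGES = [
    '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8',
    '169.254.0.0/16',       // link-local, includes 169.254.169.254 metadata
    '172.16.0.0/12', '192.168.0.0/16', '198.18.0.0/15',
    '224.0.0.0/4', '240.0.0.0/4',
    '::/128', '::1/128', '::ffff:0:0/96', 'fc00::/7', 'fe80::/10',
];

/** True if $ip (v4 or v6 literal) lies inside the CIDR block $cidr. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2);
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;   // different address families never match
    }
    $bits = (int) $bits;
    $full = intdiv($bits, 8);   // whole bytes to compare
    if ($full > 0 && substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rem = $bits % 8;            // remaining bits inside the next byte
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/**
 * Validate a user-supplied URL for a server-side fetch.
 * Returns the vetted IP address to connect to, or null if the URL is rejected.
 */
function validate_outbound_url(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;    // no file://, gopher://, ftp://, dict:// and friends
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null;    // "http://trusted@internal/" style confusion
    }
    $host = strtolower(trim($p['host'], '[]'));   // strip IPv6 brackets

    // Collect every address the host maps to; all of them must be public.
    $ips = [];
    if (filter_var($host, FILTER_VALIDATE_IP)) {
        $ips[] = $host;
    } else {
        // Names that do not resolve (including odd numeric spellings such as
        // decimal or octal IPs, which are not valid hostnames) are rejected.
        foreach ((array) dns_get_record($host, DNS_A | DNS_AAAA) as $r) {
            if (isset($r['ip']))   { $ips[] = $r['ip']; }
            if (isset($r['ipv6'])) { $ips[] = $r['ipv6']; }
        }
        if ($ips === []) {
            return null;
        }
    }
    foreach ($ips as $ip) {
        foreach (SSRF_BLOCKED_RANGES as $cidr) {
            if (ip_in_cidr($ip, $cidr)) {
                return null;
            }
        }
    }
    return $ips[0];
}

/** Fetch $url only if it passes validation; connect to the vetted address. */
function fetch_checked_url(string $url): ?string
{
    $ip = validate_outbound_url($url);
    if ($ip === null) {
        return null;
    }
    $p    = parse_url($url);
    $port = $p['port'] ?? (strtolower($p['scheme']) === 'https' ? 443 : 80);
    $ch   = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,   // a 3xx to an internal host would bypass the check
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        // Pin the address we validated so a second DNS lookup (rebinding)
        // cannot swap in an internal one between check and connect.
        CURLOPT_RESOLVE        => ["{$p['host']}:{$port}:{$ip}"],
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}

// Usage sketch (constructed input): anything reaching loopback or the
// metadata range is refused before any connection is opened.
var_dump(validate_outbound_url('http://127.0.0.1/admin'));        // NULL
var_dump(validate_outbound_url('http://169.254.169.254/latest/')); // NULL
var_dump(validate_outbound_url('file:///etc/passwd'));             // NULL
var_dump(validate_outbound_url('http://[::1]:8080/'));             // NULL
```

If redirects must be honoured, follow them manually and run validate_outbound_url on every hop rather than enabling CURLOPT_FOLLOWLOCATION; and because the decision depends on what the name resolves to at check time, the CURLOPT_RESOLVE pin is what keeps the later connection on the address that was actually vetted.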

Added: Sep 12, 2025, 10:17 PM
Updated: Sep 12, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

  spread          0.8
  impact          1.9
  exploitability  8.0
  remediation     0.0
  relevance       0.5
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.