Primary

Context

ObjectPlanet Opinio Server-Side Request Forgery Vulnerability in Survey Import Feature

Vulnerability

Patched

A blind server-side request forgery (SSRF) vulnerability has been identified in ObjectPlanet Opinio version 7.26 prior to 7.27. This vulnerability allows an attacker to manipulate the survey-import feature on web-based platforms, forcing the server to send HTTP GET requests to arbitrary destinations. The issue arises from crafted import requests that exploit the survey-import functionality.

Impact

Exploitation of this vulnerability allows for blind server-side request forgery, where the server is tricked into making requests to internal or external resources on behalf of the attacker.

Remediation

Users are advised to update to ObjectPlanet Opinio version 7.27 or later, where this vulnerability has been addressed.

Added: Dec 2, 2025, 10:19 AM

Updated: Dec 2, 2025, 6:02 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.0

exploitability

4.8

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.0

exploitability

4.8

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ObjectPlanet Opinio Server-Side Request Forgery Vulnerability in Survey Import Feature

Vulnerability

Impact

Remediation

Affected Products

ObjectPlanet Opinio

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating