Personal Management System
cpe:2.3:a:personal-management-system:personal_management_system:*:*:*:*:*:*:*
- 1.4.65
A server-side request forgery (SSRF) vulnerability has been identified in Personal Management System version 1.4.65, in the 'my-contacts-settings' component. The component accepts image uploads by URL, and remote attackers can use this feature to make the server issue web requests to arbitrary locations and so obtain sensitive information. Exploitation of this issue could lead to querying and modifying information from internal services.
Exploitation of this vulnerability could allow attackers to access sensitive information by making requests to internal services, potentially leading to unauthorized data exposure or modification.
To reproduce this vulnerability, navigate to the 'my-contacts-settings' component. Upload an image using a URL that points to an external resource. The application will process the image upload, which can be leveraged to make requests to internal services from the perspective of the web application.