Personal Management System Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Personal Management System version 1.4.65. The 'create Notes' function accepts images inserted via URL, and remote attackers can exploit this to access sensitive information. The vulnerability enables attackers to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal services and the ability to query or modify sensitive information.

Reproduction

To reproduce this vulnerability, navigate to the 'create Notes' function in Personal Management System 1.4.65. Insert an image URL that points to an external location. The application will process the image URL, creating a note that includes the image. This request can be monitored to confirm that the application made a server-side request to the specified URL, demonstrating the SSRF vulnerability.
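
A destination check for the image-by-URL pattern described above, shown as an added example and not Personal Management System code. The function names, the host names and the DNS answers in SAMPLE_DNS are constructed for illustration, and the check is one possible mitigation, not the project's fix.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline (hypothetical hosts).
SAMPLE_DNS = {
    "images.example.test": {"93.184.216.34"},
    "intranet.example.test": {"10.0.0.5"},
    "mixed.example.test": {"93.184.216.34", "127.0.0.1"},
}

def sample_resolve(host):
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed resolver: unknown host")
    return SAMPLE_DNS[host]

def system_resolve(host):
    # Addresses the server itself would connect to for this name.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public(ip_text):
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:127.0.0.1 as 127.0.0.1
    return ip.is_global  # False for loopback, private, link-local, reserved

def check_image_url(url, resolve=system_resolve):
    """Return (allowed, reason) for a user-supplied image URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not host or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        addresses = {str(ipaddress.ip_address(host))}  # literal IP in the URL
    except ValueError:
        try:
            addresses = set(resolve(host))
        except OSError:
            return False, "host does not resolve"
    # Every answer must be public: one internal record is enough to refuse.
    if not addresses or not all(is_public(a) for a in addresses):
        return False, "resolves to a non-public address"
    return True, "ok"
```

The check only holds if the fetch then connects to the address that was validated and applies the same check to every redirect target. Otherwise a second DNS lookup or a redirect can still send the request to an internal service.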

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 4.2
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.