SYM_JSTS_0022 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Passing untrusted user input directly to the wkhtmltopdf function can allow attackers to manipulate the URLs or content processed by the server. This makes it possible for an attacker to control what wkhtmltopdf fetches or renders.
Impact
If exploited, an attacker could make the server send requests to internal or protected resources, potentially exposing sensitive data or enabling further attacks on internal systems. This can lead to information leaks, unauthorized network access, or abuse of server resources.
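One way to constrain the input described under Description before it reaches wkhtmltopdf, shown as an added example that is not part of the original rule page. The call style in the comments assumes the npm `wkhtmltopdf` wrapper; `checkRenderTarget`, `ALLOWED_HOSTS` and all hostnames are hypothetical, constructed values.

```javascript
// Added example: allowlist check to run before a URL is handed to wkhtmltopdf.
// ALLOWED_HOSTS and checkRenderTarget are illustrative names, not from the rule.
const ALLOWED_HOSTS = new Set(['reports.example.com']); // constructed value

function checkRenderTarget(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not-a-string' };
  let url;
  try {
    // Absolute URLs only: HTML fragments and relative paths throw here, so
    // user-supplied markup is never rendered through this code path.
    url = new URL(raw);
  } catch {
    return { ok: false, reason: 'not-an-absolute-url' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // A user:pass@ prefix can make a URL look like it points at an allowed host.
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  // Default port only (":443" is normalised to an empty string by the parser).
  if (url.port !== '') return { ok: false, reason: 'port' };
  // Exact match on the parsed, lower-cased hostname; no suffix or substring tests.
  if (!allowedHosts.has(url.hostname)) return { ok: false, reason: 'host' };
  return { ok: true, url: url.href }; // pass the normalised form, not the raw input
}

// Flagged pattern:
//   wkhtmltopdf(req.query.url).pipe(res);
// Hardened pattern:
//   const target = checkRenderTarget(req.query.url);
//   if (!target.ok) return res.status(400).end();
//   wkhtmltopdf(target.url).pipe(res);

// Constructed sample inputs, printed with the decision for each.
const samples = [
  'HTTPS://Reports.Example.com/invoice/42?id=1',
  'http://reports.example.com/invoice/42',
  'https://intranet.example.internal/status',
  'https://reports.example.com.lookalike.test/',
  'https://reports.example.com@intranet.example.internal/',
  'https://reports.example.com:8443/',
  '<h1>Invoice</h1>',
];
for (const s of samples) console.log(JSON.stringify(checkRenderTarget(s)), s);
```

The check covers only the top-level URL: redirects issued by an allowed host and subresources referenced by the fetched page still need to be limited with network egress controls on the rendering host.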