KEVIntel
CVSS 5.8 Medium

CVE-2024-27564

PUBLISHED

Exploited in the wild · PoC available · Remote · Low complexity · No user interaction

Vendor: dirk1983
Product: mm1.ltd source code
Published: Mar 05, 2024
EPSS: 91.9% · 100th percentile

Description

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

Tags: php, nuclei_scanner

Weaknesses (CWE)

  • The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVSS scores

CVSS v3.1 5.8 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2026-06-05 00:00:00 UTC · Source

Proof of concept available

Recorded 2024-09-15 10:25:01 UTC · Source

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) First 2026-06-05 00:00 UTC

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

Quantum-Hacker/CVE-2024-27564

github · Created 2024-09-15 15:11:54 UTC · 8 stars

MuhammadWaseem29/SSRF-Exploit-CVE-2024-27564

github · Created 2024-09-15 10:25:01 UTC · 6 stars

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel