Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8vds-pw69-u3et
Vulnerability ID VCID-8vds-pw69-u3et
Aliases CVE-2023-40033
GHSA-67c6-q4j4-hccg
Summary Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-918 Server-Side Request Forgery (SSRF)
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-40033
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-40033
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-40033
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-67c6-q4j4-hccg
cvssv3.1 7.1 https://github.com/flarum/framework
generic_textual HIGH https://github.com/flarum/framework
cvssv3.1 7.1 https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
generic_textual HIGH https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
ssvc Track https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
cvssv3.1 7.1 https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
cvssv3.1_qr HIGH https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
generic_textual HIGH https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
ssvc Track https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
cvssv3.1 7.1 https://nvd.nist.gov/vuln/detail/CVE-2023-40033
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-40033
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-40033
https://github.com/flarum/framework
https://nvd.nist.gov/vuln/detail/CVE-2023-40033
d1059c1cc79fe61f9538f3da55e8f42abbede570 https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
GHSA-67c6-q4j4-hccg https://github.com/advisories/GHSA-67c6-q4j4-hccg
GHSA-67c6-q4j4-hccg https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/flarum/framework
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:56:22Z/ Found at https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T15:56:22Z/ Found at https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40033
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.41375
EPSS Score 0.00195
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:29:48.481452+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/40xxx/CVE-2023-40033.json 38.6.0