Home

Description

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-16 | Updated 2025-12-18 | Assigner VulnCheck




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

Unknown
affected

Credits

Mirabbas Ağalarov finder

References

www.exploit-db.com/exploits/51565 (ExploitDB-51565) exploit

podcastgenerator.net/ (Podcast Generator Product Homepage) product

github.com/PodcastGenerator/PodcastGenerator (Podcast Generator GitHub Repository) product

www.vulncheck.com/...-side-request-forgery-via-xml-injection (VulnCheck Advisory: PodcastGenerator 3.2.9 Blind Server-Side Request Forgery via XML Injection) third-party-advisory

cve.org (CVE-2023-53899)

nvd.nist.gov (CVE-2023-53899)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.