A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header ‘HOST’ value to cause the server to send the request.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23776
Reference (s):
- https://github.com/zhonghaozhao/winmail/issues/3