I am currently studying regarding SSRF. I noticed that an injection vector where SSRF might be present is always parameters that is related to url (Importing image using URL, others). I have encountered a couple of endpoints where request body contains url which is used to import image from the webserver. Something like this; …&imageUrl=https://companyX.com/image/3123123. I was able to change the imageURL into my own url and upload my own image from my own web server. Is this normally considered as a vulnerability? Or is this just an indicator that a SSRF might be present?