Skip to content

Instantly share code, notes, and snippets.

@wisejayer
Last active March 24, 2024 08:34
Show Gist options
  • Save wisejayer/d365e93ce09b8a36641165e1d1a0a06c to your computer and use it in GitHub Desktop.
Save wisejayer/d365e93ce09b8a36641165e1d1a0a06c to your computer and use it in GitHub Desktop.
CVE-2024-25187
> [description]
> 71cms v1.0.0 is vulnerable to SSRF.
> [VulnerabilityType Other]
> SSRF-vulnerability
> [Vendor of Product]
> https://github.com/xiaocheng-keji/71cms
> [Affected Product Code Base]
> https://github.com/xiaocheng-keji/71cms - v1.0.0
> [Affected Component]
> the client submitted data without any verification, malicious users do not need to authenticate login, you can send malicious data, SSRF attacks.
> [Attack Type]
> Remote
> [Impact Information Disclosure]
> true
> [Attack Vectors]
> Details can be seen in https://github.com/xiaocheng-keji/71cms/issues/2
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
> [Reference]
> https://github.com/xiaocheng-keji/71cms
> https://github.com/xiaocheng-keji/71cms/issues/2
[discoverer]
wisejay
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment