@wisejayer
Last active March 24, 2024 08:34
CVE-2024-25187
> [description]
> 71cms v1.0.0 is vulnerable to SSRF.
> [VulnerabilityType Other]
> SSRF-vulnerability
> [Vendor of Product]
> https://github.com/xiaocheng-keji/71cms
> [Affected Product Code Base]
> https://github.com/xiaocheng-keji/71cms - v1.0.0
> [Affected Component]
> Client-submitted data is not verified in any way. Malicious users do not need to log in; they can send malicious data to carry out SSRF attacks.
> [Attack Type]
> Remote
> [Impact Information Disclosure]
> true
> [Attack Vectors]
> Details can be seen in https://github.com/xiaocheng-keji/71cms/issues/2
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
> [Reference]
> https://github.com/xiaocheng-keji/71cms
> https://github.com/xiaocheng-keji/71cms/issues/2
[discoverer]
wisejay