إرسال #497603: iteachyou Dreamer CMS 4.1.3 Server-Side Request Forgeryالمعلومات

عنوانiteachyou Dreamer CMS 4.1.3 Server-Side Request Forgery
الوصفA Server-Side Request Forgery (SSRF) vulnerability exists in the iframe embedding functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows authenticated backend users to embed iframes with arbitrary src values using the article editor (编辑文章). An authenticated attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
المصدر⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/ServerSideRequestForgery-ArticleEditorIframe.md
المستخدم
 vastzero (UID 78767)
ارسال10/02/2025 05:10 PM (1 سنة منذ)
الاعتدال21/02/2025 11:38 AM (11 days later)
الحالةمكرر
إدخال VulDB296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content البرمجة عبر المواقع]
النقاط0

Do you know our Splunk app?

Download it now for free!