| عنوان | magicblack MacCMSv10 v2025.1000.4050 SSRF |
|---|
| الوصف | When a scheduled task with file set to cj is executed, the col_url method in the Cj controller is called. This method uses the Collection utility to fetch content from a URL specified in the cjurl parameter of the scheduled task. There is no validation to prevent the use of internal or local URLs, allowing an attacker to make the server send requests to arbitrary internal services. |
|---|
| المصدر | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb017.md |
|---|
| المستخدم | Yu Bao (UID 88956) |
|---|
| ارسال | 02/09/2025 03:50 PM (8 أشهر منذ) |
|---|
| الاعتدال | 13/09/2025 05:17 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 323830 [Magicblack MacCMS 2025.1000.4050 Scheduled Task col_url cjurl تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|