| عنوان | Zentao PMS <=21.7.6-85642 SSRF |
|---|
| الوصف | An attacker can construct a malicious base parameter. By making the server send HTTP requests, the attacker can perform internal network discovery, port scanning, and other attacks. Because different port services return different error messages and response times, an attacker can determine whether internal ports are open by analysing response differences, creating a serious security risk. For details, please refer to the advisory. |
|---|
| المصدر | ⚠️ https://github.com/ez-lbz/ez-lbz.github.io/issues/2 |
|---|
| المستخدم | ez-lbz (UID 87033) |
|---|
| ارسال | 07/11/2025 03:18 AM (8 أشهر منذ) |
|---|
| الاعتدال | 29/11/2025 09:29 PM (23 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 333793 [ZenTao حتى 21.7.6-8564 module/ai/model.php makeRequest القاعدة تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|