Submit #474965: wuzhicms 4.1.0 SSRFinfo

Titelwuzhicms 4.1.0 SSRF
BeschreibungThe test method in coreframe/app/search/admin/config.php does not filter the input sphinxhost and sphinxport parameters, allowing attackers to detect whether internal network ports are open
Quelle⚠️ https://github.com/wuzhicms/wuzhicms/issues/212
Benutzer
 LVZC (UID 74910)
Einreichung05.01.2025 12:17 (vor 1 Jahr)
Moderieren15.01.2025 13:00 (10 days later)
StatusAkzeptiert
VulDB Eintrag291915 [wuzhicms 4.1.0 config.php test sphinxhost/sphinxport erweiterte Rechte]
Punkte15

Do you know our Splunk app?

Download it now for free!