जमा करें #799571: Ryan Cramer ( https://processwire.com/about/team/ryan/ ) ProcessWire CMS 3.0.255 SSRF ( Server-Side Request Forgery )जानकारी

शीर्षकRyan Cramer ( https://processwire.com/about/team/ryan/ ) ProcessWire CMS 3.0.255 SSRF ( Server-Side Request Forgery )
विवरणThe application allows administrators to fetch module ZIP files from arbitrary user-supplied URLs, resulting in a server-side request forgery (SSRF) condition. The server performs outbound requests to internal and external resources without proper validation or restriction. Additionally, verbose error messages disclose whether a target host or port is reachable, enabling internal network enumeration. This behavior can be abused to probe internal services and identify open ports from the server’s perspective.
स्रोत⚠️ https://gist.github.com/thepiyushkumarshukla/7514e5eed526fd9d20fcfc42ce8d0a82
उपयोगकर्ता
 thepiyushkumarshukla (UID 94321)
सबमिशन08/04/2026 10:55 AM (20 दिन पहले)
संयम25/04/2026 07:50 PM (17 days later)
स्थितिप्रतिलिपि
VulDB प्रविष्टि357848 [ProcessWire CMS तक 3.0.255 Add Module module download अधिकार वृद्धि]
अंक0

पिछलासिंहावलोकनअगला

Do you want to use VulDB in your project?

Use the official API to access entries easily!