提出 #497603: iteachyou Dreamer CMS 4.1.3 Server-Side Request Forgery情報

タイトルiteachyou Dreamer CMS 4.1.3 Server-Side Request Forgery
説明A Server-Side Request Forgery (SSRF) vulnerability exists in the iframe embedding functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows authenticated backend users to embed iframes with arbitrary src values using the article editor (编辑文章). An authenticated attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
ソース⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/ServerSideRequestForgery-ArticleEditorIframe.md
ユーザー
 vastzero (UID 78767)
送信2025年02月10日 17:10 (1 年 ago)
モデレーション2025年02月21日 11:38 (11 days later)
ステータス重複
VulDBエントリ296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content クロスサイトスクリプティング]
ポイント0

Do you want to use VulDB in your project?

Use the official API to access entries easily!