| タイトル | Ryan Cramer ( https://processwire.com/about/team/ryan/ ) ProcessWire CMS 3.0.255 SSRF ( Server-Side Request Forgery ) |
|---|
| 説明 | The application allows administrators to fetch module ZIP files from arbitrary user-supplied URLs, resulting in a server-side request forgery (SSRF) condition. The server performs outbound requests to internal and external resources without proper validation or restriction. Additionally, verbose error messages disclose whether a target host or port is reachable, enabling internal network enumeration. This behavior can be abused to probe internal services and identify open ports from the server’s perspective. |
|---|
| ソース | ⚠️ https://gist.github.com/thepiyushkumarshukla/7514e5eed526fd9d20fcfc42ce8d0a82 |
|---|
| ユーザー | thepiyushkumarshukla (UID 94321) |
|---|
| 送信 | 2026年04月08日 10:55 (20 日 ago) |
|---|
| モデレーション | 2026年04月25日 19:50 (17 days later) |
|---|
| ステータス | 重複 |
|---|
| VulDBエントリ | 357848 [ProcessWire CMS 迄 3.0.255 Add Module module download 特権昇格] |
|---|
| ポイント | 0 |
|---|