提出 #858045: 1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery情報

タイトル1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery
説明The IntegrationConfigService component in CordysCRM v1.4.1 contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability stems from the getSqlBotSrc() method extracting URLs from the appSecret parameter using regex pattern without proper validation. Extracted URLs are directly used to create HTTP connections via URI.create(jsUrl).toURL().openConnection() in the /organization/settings/third-party/edit endpoint. No whitelist validation, protocol restriction, or internal IP blocking is applied. Attackers can inject malicious URLs via the appSecret parameter (e.g., appSecret": "src="<http://malicious\\>"").
ソース⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2687
ユーザー
 liushaozhe (UID 83234)
送信2026年06月13日 19:39 (1 月 ago)
モデレーション2026年07月18日 14:11 (1 month later)
ステータス承諾済み
VulDBエントリ380045 [1Panel-dev CordysCRM 迄 1.4.1 Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc appSecret 特権昇格]
ポイント20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!