제출 #502650: https://github.com/zorlan/skycaiji skycaiji 2.9 SSRF정보

제목https://github.com/zorlan/skycaiji skycaiji 2.9 SSRF
설명In the previewAction method in vendor/skycaiji/app/admin/controller/Tool.php of zorlan skycaiji v2.9, the access address can be controlled by passing in the data parameter in the logged-in state, making illegal requests for intranet resources.
원천⚠️ https://github.com/sheratan4/cve/issues/6
사용자
 sheratan (UID 71236)
제출2025. 02. 17. PM 06:01 (1 년도 ago)
모더레이션2025. 02. 28. PM 09:01 (11 days later)
상태수락
VulDB 항목298029 [Zorlan SkyCaiji 2.9 Tool.php previewAction data 권한 상승]
포인트들16

이전개요다음

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!