| 제목 | Zentao PMS <=21.7.6-85642 SSRF |
|---|
| 설명 | A Server-Side Request Forgery (SSRF) vulnerability exists in the Webhook module of ZenTao CMS that allows authenticated administrators to read arbitrary files from the server's local filesystem. The vulnerability stems from insufficient URL validation when configuring webhook URLs, specifically the lack of protocol filtering for the file:// scheme. Additionally, the response from file protocol requests is stored and displayed in the webhook logs, enabling attackers to retrieve sensitive file contents. |
|---|
| 원천 | ⚠️ https://github.com/ez-lbz/ez-lbz.github.io/issues/9 |
|---|
| 사용자 | ez-lbz (UID 87033) |
|---|
| 제출 | 2026. 01. 20. AM 10:29 (5 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 04. PM 03:17 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344264 [ZenTao 까지 21.7.6-85642 Webhook module/webhook/model.php fetchHook 권한 상승] |
|---|
| 포인트들 | 20 |
|---|