Submission #742633: Zentao PMS <=21.7.6-85642 SSRF (information)

Title: Zentao PMS <=21.7.6-85642 SSRF
Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the Webhook module of ZenTao CMS that allows authenticated administrators to read arbitrary files from the server's local filesystem. The vulnerability stems from insufficient URL validation when configuring webhook URLs, specifically the lack of protocol filtering for the file:// scheme. Additionally, the response from file protocol requests is stored and displayed in the webhook logs, enabling attackers to retrieve sensitive file contents.
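The root cause described above is a missing scheme check on the stored webhook URL. The validator below is an added illustration of the mitigation (it is not ZenTao's code; the function and sample inputs are constructed for this note): an allowlist of http/https, rejection of embedded credentials, and rejection of literal non-public addresses, applied before the URL is saved.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Allowlist rather than denylist: anything that is not http(s),
# including file://, is refused before the URL is persisted.
ALLOWED_SCHEMES = {"http", "https"}


def validate_webhook_url(url: str) -> tuple[bool, str]:
    """Return (accepted, reason). Hypothetical check, not the project's own."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    # urlsplit lowercases the scheme, so FILE:// and file:// are treated alike.
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme '{parts.scheme or '<none>'}' not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    # Literal IP targets: refuse loopback, link-local, private and unspecified ranges.
    try:
        ip = ip_address(host)
    except ValueError:
        ip = None  # hostname; resolve it and re-check the answer at request time
    if ip is not None and not ip.is_global:
        return False, f"non-public address {ip} not allowed"
    return True, "ok"


# Constructed sample inputs modelled on the weakness in the report.
SAMPLES = [
    "https://hooks.example.com/zentao",       # accepted
    "file:///etc/hosts",                      # rejected: file scheme
    "FILE:///etc/hosts",                      # rejected: case does not bypass the check
    "gopher://hooks.example.com/",            # rejected: not in allowlist
    "http://127.0.0.1:8080/admin",            # rejected: loopback target
    "http://user:pass@hooks.example.com/",    # rejected: embedded credentials
    "/relative/path",                         # rejected: no scheme at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        accepted, reason = validate_webhook_url(sample)
        print(f"{'ACCEPT' if accepted else 'REJECT'} {sample:40} {reason}")
```

The scheme check alone closes the file:// read described in the report; the address check is only meaningful if the hostname is resolved and the resulting address re-validated when the webhook actually fires. Separately, storing and displaying the full response body in webhook logs turns any remaining SSRF into a read primitive, so the log should keep at most status and size.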
Source: https://github.com/ez-lbz/ez-lbz.github.io/issues/9
User: ez-lbz (UID 87033)
Submitted: 20/01/2026 10:29 (5 months ago)
Moderated: 04/02/2026 15:17 (15 days later)
Status: Accepted
VulDB entry: 344264 [ZenTao up to 21.7.6-85642 Webhook module/webhook/model.php fetchHook Privilege Escalation]
Points: 20
