| Название | yanyutao0402 ChanCMS V3.3.0 Unauthorized SSRF |
|---|
| Описание | The getPages and getArticle methods in CollectController both get the URL from the request body and call collect.common to get the contents of the URL. In the getPages method, the targetUrl parameter has been verified by the isValidTargetUrl function. However, in the getArticle method, the taskUrl parameter is not validated by isValidTargetUrl before being passed to collect.common. |
|---|
| Источник | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md |
|---|
| Пользователь | Yu_Bao (UID 89348) |
|---|
| Представление | 22.08.2025 12:19 (10 месяцы назад) |
|---|
| Модерация | 10.09.2025 12:24 (19 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 323484 [yanyutao0402 ChanCMS 3.3.0 /cms/collect/getArticle CollectController taskUrl эскалация привилегий] |
|---|
| Баллы | 20 |
|---|