| Title | JiZhiCMS 2.4.5 is vulnerable to Server-side request forgery (SSRF) |
|---|
| Description | A vulnerability has been discovered in JiZhiCMS. This affects the index function in the file TemplateController.php. Manipulation of parameters leads to SSRF.
The problem is in the Index function in TemplateController.php, we can control the set and webapi parameters can be customized to add an address and then visit Template/index can be triggered. |
|---|
| Source | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/JiZhiCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md |
|---|
| User | p0ison (UID 37575) |
|---|
| Submission | 05/25/2023 08:51 (3 years ago) |
|---|
| Moderation | 05/27/2023 09:37 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 230082 [JIZHICMS 2.4.5 TemplateController.php index webapi server-side request forgery] |
|---|
| Points | 18 |
|---|