| Title | MCCMS is vulnerable to Server-side request forgery (SSRF) |
|---|
| Description | MCCMS <= 2.6.5 is vulnerable to Server-side request forgery (SSRF).It has been rated as problematic.The problem lies in the pic_api function in sys/apps/controllers/admin/Comic.php, which is used to cause ssrf by controlling the $url.The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
|---|
| Source | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/MCCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF)%201.md |
|---|
| User | p0ison (UID 37575) |
|---|
| Submission | 06/06/2023 08:31 (3 years ago) |
|---|
| Moderation | 06/14/2023 07:48 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 231506 [mccms up to 2.6.5 Comic.php pic_api url server-side request forgery] |
|---|
| Points | 19 |
|---|