| Title | MCCMS is vulnerable to Server-side request forgery (SSRF) |
|---|
| Description | MCCMS <= 2.6.5 is vulnerable to Server-side request forgery (SSRF). It has been declared as problematic. The problem lies in the pic_save function in sys/apps/controllers/admin/Comic.php, which is utilized to cause ssrf by controlling $pic. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
|---|
| Source | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/MCCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF)%202.md |
|---|
| User | p0ison (UID 37575) |
|---|
| Submission | 06/06/2023 08:33 (3 years ago) |
|---|
| Moderation | 06/14/2023 07:48 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 231507 [mccms up to 2.6.5 Comic.php pic_save pic server-side request forgery] |
|---|
| Points | 19 |
|---|