Submit #474965: wuzhicms 4.1.0 SSRFinfo

Titlewuzhicms 4.1.0 SSRF
DescriptionThe test method in coreframe/app/search/admin/config.php does not filter the input sphinxhost and sphinxport parameters, allowing attackers to detect whether internal network ports are open
Source⚠️ https://github.com/wuzhicms/wuzhicms/issues/212
User
 LVZC (UID 74910)
Submission01/05/2025 12:17 (1 Year ago)
Moderation01/15/2025 13:00 (10 days later)
StatusAccepted
VulDB entry291915 [wuzhicms 4.1.0 config.php test sphinxhost/sphinxport server-side request forgery]
Points15

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!