| Title | wuzhicms 4.1.0 SSRF |
|---|
| Description | The test method in coreframe/app/search/admin/config.php does not filter the input sphinxhost and sphinxport parameters, allowing attackers to detect whether internal network ports are open |
|---|
| Source | ⚠️ https://github.com/wuzhicms/wuzhicms/issues/212 |
|---|
| User | LVZC (UID 74910) |
|---|
| Submission | 01/05/2025 12:17 (1 Year ago) |
|---|
| Moderation | 01/15/2025 13:00 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 291915 [wuzhicms 4.1.0 config.php test sphinxhost/sphinxport server-side request forgery] |
|---|
| Points | 15 |
|---|