Submit #644582: crmeb CRMEB-KY v5.6.1 SSRFinfo

Titlecrmeb CRMEB-KY v5.6.1 SSRF
DescriptionThe Admin-triggered SSRF exists because the testOutUrl method in OutAccountServices.php directly passes a user-controlled URL ($data['push_token_url']) to HttpService::getRequest(). The HttpService::getRequest() and its internal request() methods use cURL to make an HTTP request to this URL without any validation or filtering of the URL's host or scheme (other than the default cURL protocol support). This allows an authenticated administrator to force the server to make arbitrary HTTP/HTTPS requests to internal or external network resources.
Source⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb015.md
User
 Yu Bao (UID 88956)
Submission08/30/2025 09:31 (8 months ago)
Moderation09/13/2025 11:46 (14 days later)
StatusAccepted
VulDB entry323826 [CRMEB up to 5.6.1 OutAccountServices.php testOutUrl push_token_url server-side request forgery]
Points20

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!