| Title | SeriaWei ZKEACMS v4.3 Non-blind SSRF |
|---|
| Description | The Proxy method in MediaController allows users to request the content of an arbitrary URL. Although this operation requires ViewMedia permission, once the attacker has the corresponding permissions, he can use this vulnerability to detect the company's intranet and attack the intranet services. |
|---|
| Source | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb022.md |
|---|
| User | Yu_Bao (UID 89348) |
|---|
| Submission | 09/05/2025 04:31 (9 months ago) |
|---|
| Moderation | 09/15/2025 11:59 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 323890 [ZKEACMS 4.3 MediaController.cs Proxy url server-side request forgery] |
|---|
| Points | 17 |
|---|