提交 #858045: 1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery信息

标题1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery
描述The IntegrationConfigService component in CordysCRM v1.4.1 contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability stems from the getSqlBotSrc() method extracting URLs from the appSecret parameter using regex pattern without proper validation. Extracted URLs are directly used to create HTTP connections via URI.create(jsUrl).toURL().openConnection() in the /organization/settings/third-party/edit endpoint. No whitelist validation, protocol restriction, or internal IP blocking is applied. Attackers can inject malicious URLs via the appSecret parameter (e.g., appSecret": "src="<http://malicious\\>"").
来源⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2687
用户
 liushaozhe (UID 83234)
提交2026-06-13 19時39分 (1 月前)
管理2026-07-18 14時11分 (1 month later)
状态已接受
VulDB条目380045 [1Panel-dev CordysCRM 直到 1.4.1 Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc appSecret 权限提升]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!