Eladmin · Eladmin · CVE-2024-51242
**Name of the Vulnerable Software and Affected Versions**
eladmin versions 2.7 and earlier
**Description**
A Server-Side Request Forgery (SSRF) issue has been identified. Manipulating the `ip` parameter in the HTTP request body leads to SSRF. The affected code is in the ServerDeployController.java file.
**Recommendations**
For eladmin versions 2.7 and earlier, as a temporary workaround, consider restricting access to the ServerDeployController.java file until a patch is available. Avoid using the `ip` parameter in the affected HTTP request body until the issue is resolved. At present, there is no information about a newer version that contains a fix for this vulnerability.
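One way to constrain the `ip` value before the server acts on it, shown as an added example that is not eladmin code or an official fix. The class name, method names and allowlisted range are hypothetical, and it assumes deployment targets are IPv4 hosts in a range the operator knows in advance.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import java.util.regex.Pattern;

/** Hypothetical helper, not eladmin code: accept `ip` only if it is a literal
 *  IPv4 address inside an operator-defined allowlist of CIDR ranges. */
public final class DeployTargetValidator {
    // Strict dotted quad without leading zeros; hostnames never match, so no DNS lookup occurs.
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final Pattern IPV4 = Pattern.compile("^" + OCTET + "(\\." + OCTET + "){3}$");

    private final List<String> allowedCidrs;

    public DeployTargetValidator(List<String> allowedCidrs) {
        this.allowedCidrs = List.copyOf(allowedCidrs);
    }

    public boolean isAllowed(String ip) {
        if (ip == null || !IPV4.matcher(ip).matches()) return false;
        try {
            InetAddress addr = InetAddress.getByName(ip); // literal input is parsed, not resolved
            // Refuse special-purpose ranges even if the allowlist is configured too broadly.
            if (addr.isLoopbackAddress() || addr.isLinkLocalAddress()
                    || addr.isAnyLocalAddress() || addr.isMulticastAddress()) return false;
        } catch (UnknownHostException e) {
            return false;
        }
        int value = toInt(ip);
        for (String cidr : allowedCidrs) {
            String[] parts = cidr.split("/");
            int prefix = Integer.parseInt(parts[1]);
            int mask = prefix == 0 ? 0 : -1 << (32 - prefix);
            if ((value & mask) == (toInt(parts[0]) & mask)) return true;
        }
        return false;
    }

    private static int toInt(String dotted) {
        int v = 0;
        for (String octet : dotted.split("\\.")) v = (v << 8) | Integer.parseInt(octet);
        return v;
    }

    public static void main(String[] args) {
        // Constructed allowlist and sample inputs, for illustration only.
        DeployTargetValidator v = new DeployTargetValidator(List.of("10.20.30.0/24"));
        for (String ip : List.of("10.20.30.15", "127.0.0.1", "169.254.169.254", "internal.example", "010.20.30.15"))
            System.out.println(ip + " -> " + v.isAllowed(ip));
    }
}
```

Rejecting hostnames and zero-padded octets keeps the validated value identical to the address the server later connects to, so the check cannot be bypassed through DNS changes or alternate IP notations.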