Wisejay

**Name of the Vulnerable Software and Affected Versions** 71cms version 1.0.0 **Description** The issue allows remote unauthenticated attackers to obtain sensitive information. This is achieved via the `getweather.html` endpoint, which is vulnerable to Server Side Request Forgery (SSRF). SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources, potentially leading to unauthorized access to sensitive data. **Recommendations** For 71cms version 1.0.0, as a temporary workaround, consider restricting access to the `getweather.html` endpoint until a patch is available. Additionally, review server configurations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.