Mccms · Mccms · CVE-2025-50234
**Name of the Vulnerable Software and Affected Versions**
MCCMS version 2.7.0
**Description**
MCCMS v2.7.0 contains a Server-Side Request Forgery (SSRF) vulnerability in the `index()` method of the `sysappscontrollersapiGf.php` file, triggered when the `pic` parameter is processed. The `pic` parameter is decrypted with the `sys_auth($pic, 1)` function, which uses the hard-coded key `Mc_Encryption_Key` (`bD2voYwPpNuJ7B8`) defined in `db.php`; because the key ships with the product, successful decryption says nothing about who produced the value. The decrypted URL is then passed to the `geturl()` method, which fetches it with cURL without sufficient security checks. An attacker can therefore craft an encrypted `pic` parameter that, once decrypted, points to internal addresses or local file paths; with the `file://` protocol this gives access to arbitrary files on the local file system, potentially leading to information leakage or system exposure. Through `http://`, `ftp://` and `file://`, the SSRF reaches internal services and the local file system, potentially resulting in sensitive data leakage, remote code execution, privilege escalation, or full system compromise.
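A hardened replacement for an outbound fetch of the kind described above, added here as an example; it is not MCCMS's own code, and `validateOutboundUrl`, `isPublicIp` and `fetchUrlSafely` are hypothetical names. It assumes the application only ever needs to fetch public HTTP(S) resources: the scheme is allowlisted (so `file://` and `ftp://` are refused), every address the hostname resolves to is checked against private, loopback and link-local ranges, cURL is restricted to HTTP/HTTPS with redirects disabled, and the connection is pinned to the vetted IP so the DNS answer cannot change between the check and the request.

```php
<?php
// Added illustrative hardening for an outbound fetch like MCCMS's geturl().
// Not the project's code; all function names are hypothetical.

const ALLOWED_SCHEMES = ['http', 'https'];

// True when $ip (IPv4 or IPv6) is outside private, loopback, link-local
// and other reserved ranges, i.e. plausibly a public address.
function isPublicIp(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

// Validate a user-supplied URL before fetching it. Returns null on rejection,
// otherwise the URL plus a CURLOPT_RESOLVE entry pinning it to a vetted IP.
function validateOutboundUrl(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ALLOWED_SCHEMES, true)) {
        return null; // rejects file://, ftp://, gopher://, dict://, ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null; // user@host forms are a common way to confuse parsers
    }
    $host = trim($p['host'], '[]');           // parse_url keeps IPv6 brackets
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);

    // Literal IP: check it directly. Hostname: resolve once and check every
    // answer, so a name that maps to an internal address is refused.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addresses = [$host];
    } else {
        $addresses = [];
        foreach ((array) @dns_get_record($host, DNS_A | DNS_AAAA) as $r) {
            if (isset($r['ip'])) {
                $addresses[] = $r['ip'];
            } elseif (isset($r['ipv6'])) {
                $addresses[] = $r['ipv6'];
            }
        }
    }
    if ($addresses === []) {
        return null;
    }
    foreach ($addresses as $ip) {
        if (!isPublicIp($ip)) {
            return null;
        }
    }

    // Pin the later request to the first vetted address (DNS rebinding defence).
    $pin = $addresses[0];
    if (strpos($pin, ':') !== false) {
        $pin = '[' . $pin . ']';
    }
    return ['url' => $url, 'resolve' => "$host:$port:$pin"];
}

// Fetch the body of a vetted URL, or null if the URL was rejected or failed.
function fetchUrlSafely(string $url): ?string
{
    $checked = validateOutboundUrl($url);
    if ($checked === null) {
        return null;
    }
    $ch = curl_init($checked['url']);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => false,  // a redirect would bypass the check
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
        CURLOPT_MAXFILESIZE     => 5 * 1024 * 1024,
        CURLOPT_RESOLVE         => [$checked['resolve']],
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}

// Example calls (constructed inputs): the first passes validation and is
// fetched; the other two are refused before any connection is opened.
var_dump(fetchUrlSafely('https://example.com/logo.png') !== null);
var_dump(validateOutboundUrl('file:///etc/hostname'));   // NULL: scheme denied
var_dump(validateOutboundUrl('http://127.0.0.1/'));       // NULL: loopback denied
```

This addresses only the unchecked fetch. The hard-coded `Mc_Encryption_Key` is a separate problem: encryption of `pic` with a key that ships in `db.php` provides no authentication, so a value that decrypts cleanly must still be treated as untrusted input, and the key should be regenerated per installation rather than shared across deployments.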
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.