PT-2018-17308 · Nonecms

Blackwolf · Published 2018-01-23 · Updated 2018-02-12 · CVE-2018-6029

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: NoneCms version 1.3.0
Description: The issue allows remote attackers to access internal and external network resources via Server Side Request Forgery (SSRF) due to inadequate URL validation in the copy function. Specifically, the validation only checks whether the URL contains the "csdn" substring, so any URL that happens to contain that text is accepted regardless of its scheme or host.
Recommendations: For NoneCms version 1.3.0, consider implementing proper URL validation to prevent SSRF attacks, such as validating the URL scheme, host, and path to ensure it only allows access to intended resources. As a temporary workaround, restrict access to the copy function in application/admin/controller/Article.php to minimize the risk of exploitation.
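An added illustration, not code from NoneCms or from this advisory: the substring check the description attributes to the copy function, placed beside a validator that enforces the scheme, host and path checks the recommendation calls for. It is written in Python for illustration rather than in the project's PHP; the host allowlist, path prefix, helper names and sample URLs are all constructed.

```python
"""Weak substring URL check versus an allowlist validator (added example)."""
import ipaddress
import posixpath
from urllib.parse import urlsplit

# Constructed allowlist: the only origin the copy feature is meant to fetch from.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"img.example-cdn.test"}
ALLOWED_PATH_PREFIXES = ("/images/",)
ALLOWED_PORTS = {None, 443}


def weak_is_allowed(url: str) -> bool:
    """The kind of check the advisory describes: accept any URL containing 'csdn'.

    It says nothing about where the request will actually go.
    """
    return "csdn" in url


def strict_is_allowed(url: str) -> bool:
    """Accept a URL only if scheme, credentials, host, port and path all pass."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. an unbalanced IPv6 bracket
        return False

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # embedded credentials are a common way to confuse host parsing

    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False  # exact match: no suffix or prefix tricks

    try:
        port = parts.port
    except ValueError:  # non-numeric port
        return False
    if port not in ALLOWED_PORTS:
        return False

    if not parts.path:
        return False
    # Collapse "." and ".." segments before comparing against the allowed prefix.
    normalized = posixpath.normpath(parts.path)
    return normalized.startswith(ALLOWED_PATH_PREFIXES)


def is_public_address(ip_text: str) -> bool:
    """Check the address the allowed host resolves to, just before connecting.

    A name on the allowlist can still resolve to an internal address, so the
    resolved IP should be checked as well as the host name.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not (
        ip.is_private
        or ip.is_loopback
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


if __name__ == "__main__":
    samples = [
        "https://img.example-cdn.test/images/photo.jpg",
        "http://img.example-cdn.test/images/photo.jpg",
        "https://img.example-cdn.test/images/../etc/passwd",
        "http://intranet.internal/?ref=csdn",
    ]
    for u in samples:
        print(f"{u}\n  weak={weak_is_allowed(u)} strict={strict_is_allowed(u)}")
```

The weak check passes the last sample because of the `csdn` text in its query string, while the strict validator rejects it on scheme and host. The resolved-address check is a separate step: run it on the IP your resolver returns for the allowlisted host, not on the host name itself.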


Related Identifiers: CVE-2018-6029

Affected Products: Nonecms