PT-2021-10653 · Muyucms · Muyucms

Lolipop1234 · Published 2021-10-06 · Updated 2021-10-15 · CVE-2020-21653

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Myucms version 2.2.1
Description: A server-side request forgery (SSRF) vulnerability exists in the component controllerindex.php and can be exploited via the sj() method.
Recommendations: For Myucms version 2.2.1, consider disabling the sj() method in the controllerindex.php component until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation.

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2020-21653

Affected Products

Muyucms