PT-2021-22593 · Eyoucms · Eyoucms

Kietna

Published

2021-09-07

Updated

2021-09-14

CVE-2021-39497

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.5.4

Description: The issue lacks sanitization of input data, allowing an attacker to inject a URL and trigger blind Server-Side Request Forgery (SSRF) via the saveRemote() function.

Recommendations: For eyoucms version 1.5.4, as a temporary workaround, consider disabling the saveRemote() function until a patch is available. Restrict access to the saveRemote() function to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2021-39497

Affected Products

Eyoucms

PT-2021-22593 · Eyoucms · Eyoucms

CVE-2021-39497

Weakness Enumeration

Related Identifiers

Affected Products

References · 5