PT-2022-16881 · C1 CMS

Credit: Jarlob (+1)
Published: 2022-03-28 · Updated: 2022-04-05
CVE: CVE-2022-24789
CVSS v3.1: 7.6 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: C1 CMS versions prior to 6.12
Description: The issue allows an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers on the local network or on localhost. The same flaw can also be used to truncate arbitrary files to zero size, effectively deleting them, which can cause denial of service (DoS) or alter application logic. Because the triggering request can be issued cross-site, an authenticated user may perform these actions unknowingly by visiting a specially crafted site (cross-site request forgery).
Recommendations: For versions prior to 6.12, update to C1 CMS version 6.12, which resolves the issue.
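The description names the two things a server-side fetch must refuse before issuing a request: destinations on localhost or the local network, and anything that is not a plain HTTP(S) URL (a `file://` target is how an SSRF primitive turns into file access). The following is an added example, not C1 CMS code and not the 6.12 fix: a destination check that rejects those targets. The resolver is injected and backed by a constructed DNS table so the check runs offline; every host name and address in it is made up for illustration.

```python
"""Destination check for a server-side URL fetch (SSRF guard).

Added example, not C1 CMS code and not the 6.12 fix. Refuses non-HTTP
schemes, URLs carrying credentials, and any host that is or resolves to a
loopback, private, link-local, multicast, reserved or unspecified address.
The resolver is injected; FAKE_DNS is a constructed stand-in for
socket.getaddrinfo.
"""
import ipaddress
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table (not real records) so the example runs offline.
FAKE_DNS = {
    "intranet.example": ["192.168.1.10"],
    "www.example.com": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host.lower(), [])


def is_public_address(ip_text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 checks apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_fetch_target(url: str,
                       resolve: Callable[[str], List[str]] = fake_resolve
                       ) -> Tuple[bool, str]:
    """Return (allowed, reason) for a URL the server has been asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP: no lookup needed
    except ValueError:
        addrs = resolve(host)                        # name: check every address
    if not addrs:
        return False, "host %r does not resolve" % host
    for addr in addrs:
        if not is_public_address(addr):
            return False, "%s maps to non-public address %s" % (host, addr)
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://www.example.com/feed.xml",
                      "http://127.0.0.1:8080/admin",
                      "http://[::ffff:127.0.0.1]/",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://intranet.example/",
                      "http://rebind.example/",
                      "file:///etc/passwd"):
        allowed, reason = check_fetch_target(candidate)
        print("%-45s %s (%s)" % (candidate, "ALLOW" if allowed else "DENY", reason))
```

Two caveats a practitioner would add. First, the address that passes this check must be the one the client actually connects to (pin the resolved IP for the connection and re-run the check on every redirect), otherwise a name that resolves differently on the second lookup slips through. Second, the check only addresses the SSRF half of the description; the "specially crafted site" half means the endpoint that triggers the fetch must not be reachable by a plain cross-site request, so it should require a state-changing method with an anti-CSRF token rather than a bare GET.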

References: Exploit · Fix
Tags: SSRF


Weakness Enumeration: none listed
Related Identifiers: CVE-2022-24789 · GHSA-8PP6-8X4Q-C5MX · GHSA-J9C2-GR6M-PP45
Affected Products: C1 CMS