CVE-2022-27429

Name of the Vulnerable Software and Affected Versions Jizhicms version 1.9.5

Description A Server-Side Request Forgery (SSRF) issue was discovered in Jizhicms. The issue is related to the "/admin.php/Plugins/update.html" API endpoint. This allows for potential exploitation by making the server send requests to arbitrary locations.

Recommendations For Jizhicms version 1.9.5, as a temporary workaround, consider restricting access to the "/admin.php/Plugins/update.html" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.