PT-2022-20727 · Jizhicms · Jizhicms

Zer0Yu · Published 2022-06-09 · Updated 2022-06-15 · CVE-2022-31390

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Jizhicms version 2.2.5

Description
A Server-Side Request Forgery (SSRF) issue was found in the Update function within the TemplateController.php file, located at app/admin/c/. This allows for potential exploitation.

Recommendations
For Jizhicms version 2.2.5, consider disabling the Update function in the TemplateController.php file as a temporary workaround until a patch is available. Restrict access to the TemplateController.php file to minimize the risk of exploitation.

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers
CVE-2022-31390

Affected Products
Jizhicms