PT-2022-20728 · Jizhicms · Jizhicms

Zer0Yu · Published 2022-06-09 · Updated 2022-06-15 · CVE-2022-31393

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Jizhicms version 2.2.5

Description

A Server-Side Request Forgery (SSRF) issue was found in the Index function of the PluginsController.php file, located in app/admin/c/. This allows for potential exploitation.

Recommendations

For Jizhicms version 2.2.5, consider disabling the Index function in the PluginsController.php file as a temporary workaround until a patch is available. Restrict access to the vulnerable PluginsController.php to minimize the risk of exploitation.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-31393

Affected Products

Jizhicms