CVE-2023-1046

Name of the Vulnerable Software and Affected Versions MuYuCMS version 2.2

Description A critical vulnerability has been found in MuYuCMS, affecting an unknown part of the file /admin.php/update/getFile.html. The manipulation of the url argument leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For MuYuCMS version 2.2, as a temporary workaround, consider restricting access to the /admin.php/update/getFile.html file until a patch is available. Avoid using the url argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.