PT-2025-32179 · Mccms · Mccms
Xiaoyangsec · Published 2025-08-06 · Updated 2025-08-06 · CVE-2025-50234
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
MCCMS version 2.7.0
Description
MCCMS v2.7.0 contains a Server-Side Request Forgery (SSRF) vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file. The vulnerability occurs when processing the pic parameter. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8) defined in the db.php file. The decrypted URL is then passed to the geturl() method, which uses cURL to make a request to the URL without sufficient security checks. An attacker can craft a malicious encrypted pic parameter that, when decrypted, points to internal addresses or local file paths. Utilizing the file:// protocol allows access to arbitrary files on the local file system, potentially leading to information leakage or system exposure. This SSRF vulnerability allows access to internal services and local file systems through protocols like http://, ftp://, and file://, potentially resulting in sensitive data leakage, remote code execution, privilege escalation, or full system compromise.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
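The description says the decrypted URL reaches cURL without sufficient checks. As an added example (not MCCMS code and not a vendor fix; the function names are hypothetical), this PHP shows one way to constrain such a fetch: http/https only, public IPv4 targets only, redirects off, and the validated address pinned for the request.

```php
<?php
// Added example, not MCCMS code. Function names are hypothetical.

/** Return host/port/pinned IP for an acceptable URL, or null to reject it. */
function ssrf_safe_target(string $url): ?array
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return null;                          // malformed, or no host (file:///...)
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true) || isset($p['user'])) {
        return null;                          // no file://, ftp://, or user@host forms
    }
    // Resolve once (IPv4 only); every address returned must be public.
    $ips = gethostbynamel($p['host']) ?: [];
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null;                      // loopback, RFC 1918, link-local, ...
        }
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    return $ips ? ['host' => $p['host'], 'port' => $port, 'ip' => $ips[0]] : null;
}

/** Fetch $url only if it passes the check; returns the body or false. */
function fetch_external(string $url)
{
    $t = ssrf_safe_target($url);
    if ($t === null) {
        return false;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false,     // a redirect would skip the check above
        CURLOPT_RESOLVE         => ["{$t['host']}:{$t['port']}:{$t['ip']}"], // pin DNS answer
        CURLOPT_TIMEOUT         => 5,
    ]);
    return curl_exec($ch);
}

// Constructed sample inputs (IP literals, so no DNS lookup happens).
foreach (['file:///tmp/example.txt', 'ftp://10.0.0.5/x', 'http://127.0.0.1/',
          'http://192.168.1.10/', 'https://93.184.216.34/a.png'] as $u) {
    printf("%-30s %s\n", $u, ssrf_safe_target($u) ? 'allowed' : 'rejected');
}
```

Because the key named in the description is hard-coded, an encrypted pic value cannot be treated as proof that the URL came from the application, so the destination check has to run on the decrypted value itself.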
Exploit
LPE
RCE
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Mccms