CVE-2021-39497
N/A
N/A
Summary
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/eyoucms/eyoucms/releases/tag/v1.5.4
- http://hptcybersec.com/ssrf_PoC.jpg
- https://github.com/KietNA-HPT/CVE
References
- https://github.com/eyoucms/eyoucms/releases/tag/v1.5.4
- http://hptcybersec.com/ssrf_PoC.jpg
- https://github.com/KietNA-HPT/CVE
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.