CVE-2021-39497 | Severity.io

Description

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

Related CPE's

Vulnerable

References

Broken Link

ExploitThird Party Advisory

Third Party Advisory

Broken Link

ExploitThird Party Advisory

Third Party Advisory

Weaknesses

Primary

CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

Vulnerability status

Modified

Published

2021-09-07T18:15:08.310Z

4 years ago

Last modified

2024-11-21T05:19:33.597Z

1 year ago