CVE-2021-39497 | Severity.io

Description

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

Related CPE's

Vulnerable

References

Broken Link

ExploitThird Party Advisory

Third Party Advisory

Weaknesses

Primary

CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

Vulnerability status

Analyzed

Published

2021-09-07T20:15:08.310

3 years ago

Last modified

2021-09-14T18:53:49.647

3 years ago