Magicblack MacCMS API server-side request forgery

A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

服务端请求伪造(SSRF)

maccms10 代码问题漏洞

maccms10是magicblack开源的一套采用 PHP+MYSQL 环境下运行的完善而强大的快速建站系统。 maccms10 2025.1000.4050版本存在代码问题漏洞，该漏洞源于对组件API Handler中参数cjurl的错误操作，可能导致服务端请求伪造。

N/A

N/A