ZKEACMS MediaController.cs Proxy server-side request forgery

A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

服务端请求伪造(SSRF)

ZKEACMS 代码问题漏洞

ZKEACMS是ZKEASOFT开源的一个视觉设计、所见即所得的内容管理系统。 ZKEACMS 4.3版本存在代码问题漏洞，该漏洞源于对文件src/ZKEACMS/Controllers/MediaController.cs中函数Proxy的参数url的错误操作，可能导致服务端请求伪造。

N/A

N/A