Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery
Vulnerability Description
A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
xunruicms 代码问题漏洞
Vulnerability Description
xunruicms是XunRuiCMS个人开发者的一个建站框架。 xunruicms 4.7.1及之前版本存在代码问题漏洞,该漏洞源于对文件/admind45f74adbd95.php中组件Email Setting Handler的错误操作,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A