Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the server to initiate an HTTP request to an arbitrary internal or external network address. Successful exploitation could lead to internal network reconnaissance, port scanning, or the retrieval of sensitive information. The vulnerability may be present in the backend API called by or associated with the path `/admin/#/webset/?head_tab_active=0`, where user-provided XML data is processed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MetInfo CMS 安全漏洞
Vulnerability Description
MetInfo CMS是中国米拓(MetInfo)公司的一个内容管理系统。 MetInfo CMS 8.1及之前版本存在安全漏洞,该漏洞源于XML解析逻辑缺陷,可能导致服务器端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A