CVE-2025-13796 PoC — Deco Apps Library / MCP Servers 代码问题漏洞

Source

https://github.com/0xcucumbersalad/CVE-2025-13796-PoC

Associated Vulnerability

Title:Deco Apps Library / MCP Servers 代码问题漏洞 (CVE-2025-13796)
Description:Deco Apps Library / MCP Servers是deco.cx开源的一个内容管理系统。 Deco Apps Library / MCP Servers 0.120.1及之前版本存在代码问题漏洞，该漏洞源于文件website/loaders/analyticsScript.ts中参数url的错误操作，可能导致服务端请求伪造。

Description

deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!