CouchCMS
cpe:2.3:a:couchcms:couchcms:*:*:*:*:*:*:*
- <= 2.2.1
A server-side request forgery (SSRF) vulnerability has been identified in CouchCMS version 2.2.1. This vulnerability allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. The SVG files can contain external entity references that, when processed, could access internal services and resources. The vulnerability arises from the application's handling of file uploads through the browse.php endpoint.
Successful exploitation results in server-side request forgery: an authenticated attacker can cause the server to issue requests to internal services or resources, which may lead to further exploitation or information disclosure.
To reproduce this vulnerability, upload a crafted SVG file containing an external entity reference through the CouchCMS browse.php endpoint. Ensure that the uploaded file is processed in a way that allows the external entity reference to be resolved, thereby accessing the internal resource or service.
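The mitigation side of this class of bug is a validation step that refuses SVG uploads carrying a DOCTYPE or entity declaration before the file is stored or rendered. The following is an added example written for this page, not CouchCMS code and not the browse.php handler; it assumes nothing about how CouchCMS processes uploads and uses only the Python standard library's expat parser. The sample SVG inputs are constructed for the demonstration.

```python
# Added example (not CouchCMS code): a defensive gate for SVG uploads.
# An SVG is XML, so a handler that later parses it with an XML library may
# resolve external entity references. This check uses the standard library
# expat parser to reject any file that declares a DOCTYPE or an entity, or
# whose root element is not an SVG element, before the file is accepted.
import xml.parsers.expat

SVG_NS = "http://www.w3.org/2000/svg"


def inspect_svg(data: bytes) -> dict:
    """Return {"ok": bool, "reason": str, "root": str | None} for an SVG upload.

    The parser is configured so the inspection itself is safe on hostile input:
    parameter-entity parsing is off and no ExternalEntityRefHandler is installed,
    so expat records entity declarations but never fetches external resources.
    """
    findings = {"doctype": False, "entities": [], "root": None}

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings["doctype"] = True

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # system_id is non-empty for SYSTEM entities, i.e. external entity references
        findings["entities"].append((name, system_id))

    def on_start(name, attrs):
        if findings["root"] is None:
            findings["root"] = name  # "namespace localname" with the separator above

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_start

    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        return {"ok": False, "reason": f"malformed XML: {exc}", "root": None}

    root = findings["root"]
    if findings["entities"]:
        names = ", ".join(n for n, _ in findings["entities"])
        return {"ok": False, "reason": f"entity declaration(s) present: {names}", "root": root}
    if findings["doctype"]:
        return {"ok": False, "reason": "DOCTYPE declaration present", "root": root}
    if root != f"{SVG_NS} svg":
        return {"ok": False, "reason": f"root element is not svg: {root!r}", "root": root}
    return {"ok": True, "reason": "clean", "root": root}


# Constructed sample inputs (not taken from the advisory):
CLEAN_SVG = b'''<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10"/>
</svg>'''

ENTITY_SVG = b'''<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY ext SYSTEM "http://internal.invalid/"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>'''

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_SVG), ("entity", ENTITY_SVG)):
        print(label, inspect_svg(blob))
```

Rejecting on any DOCTYPE, rather than only on entities with a SYSTEM identifier, is deliberate: a legitimate SVG never needs an internal subset, and refusing the whole class avoids having to reason about every way a DTD can introduce a reference. The same inspection can be logged on rejection to give the SOC a signal when entity-bearing SVGs arrive at an upload endpoint.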