Magicblack MacCMS Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Magicblack MacCMS version 2025.1000.4050. This vulnerability arises from the API Handler component, where the application accepts a user-controlled URL parameter, 'cjurl', and uses it to make network requests from the server without adequate security validation. This flaw allows remote attackers to manipulate the 'cjurl' parameter to access internal network resources or services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external resources on behalf of the server. This could potentially be used to access sensitive information, interact with internal services, or exploit other vulnerabilities in the application or server environment.

Reproduction

To reproduce this vulnerability, send a POST request to the '/admin/collect/test.html' endpoint with the 'cjurl' parameter set to a malicious URL. This URL can be an internal address that the server can access but is not exposed to the outside world. The request should include a valid session cookie to authenticate the request.