dayrui XunRuiCMS
cpe:2.3:a:xunruicms:xunruicms:*:*:*:*:*:*:*
- <= 4.7.1
A server-side request forgery (SSRF) vulnerability has been identified in Dayrui XunRuiCMS versions through 4.7.1. The issue resides in the file admin79f2ec220c7e.php, specifically within the Project Domain Change Test component. The vulnerability is triggered by manipulating the 'v' parameter, allowing remote attackers to send unauthorized requests from the server.
Successful exploitation lets an attacker make the server send requests to internal or external resources, potentially leading to unauthorized data access or interaction with internal services.
To reproduce this vulnerability, navigate to the 'Settings' menu, then go to 'Domain Binding' and select 'Project Domain'. Once there, find the 'Change' option and click on 'Test'. This will send a request to the vulnerable endpoint with the crafted 'v' parameter, exploiting the SSRF vulnerability.
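One way a domain-test feature like this can vet the submitted value before the server issues any request, shown as an added example that is not XunRuiCMS code or the vendor's fix. The function names, the injectable resolver and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added example, not XunRuiCMS code. Function names and inputs are constructed.

/** True only when $ip is outside private, loopback, link-local and reserved ranges. */
function is_public_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

/**
 * Vet the value of a domain-test parameter. Returns [host, ips] to connect to,
 * or null when the value must be rejected. $resolver is injectable for tests.
 */
function vet_test_domain(string $v, ?callable $resolver = null): ?array
{
    $host = strtolower(trim($v));
    // Bare DNS name only: no scheme, port, path, credentials or IP literal.
    $re = '/^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/';
    if (!preg_match($re, $host)) {
        return null;
    }
    // Default resolver is IPv4 only; add AAAA lookups if the server has IPv6.
    $resolver ??= fn(string $h): array => gethostbynamel($h) ?: [];
    $ips = $resolver($host);
    if ($ips === []) {
        return null;
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return null; // a single internal answer rejects the whole name
        }
    }
    return [$host, $ips];
}

// Constructed sample data: stub resolver so the demo runs offline.
$dns = [
    'www.example.test' => ['203.0.113.10'],   // documentation-range address
    'intranet.example.test' => ['10.0.0.5'],  // resolves to a private address
];
$stub = fn(string $h): array => $dns[$h] ?? [];

foreach (['www.example.test', 'intranet.example.test', '127.0.0.1',
          'http://intranet.example.test/', 'localhost'] as $v) {
    $ok = vet_test_domain($v, $stub);
    printf("%-32s %s\n", $v, $ok ? 'allow ' . implode(',', $ok[1]) : 'reject');
}
```

The caller should connect to the vetted addresses rather than resolving the name a second time (for example with cURL's CURLOPT_RESOLVE) and keep CURLOPT_FOLLOWLOCATION disabled, so a later DNS answer or a redirect cannot steer the request to an internal host.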