FeehiCMS Server-Side Request Forgery Vulnerability in TimThumb Component

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in FeehiCMS versions through 2.1.1, specifically within the bundled TimThumb component. The issue lies in the file 'frontend/web/timthumb.php', where the 'src' parameter is used to fetch a remote resource without proper validation of the destination it points to. The vulnerability can be exploited remotely by unauthenticated users.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external resources on their behalf. This could potentially be used to access internal services, conduct port scanning, or retrieve sensitive information from other systems.

Reproduction

To reproduce this vulnerability, send a request to 'timthumb.php' with a 'src' parameter pointing to an external URL. The server fetches the resource and returns it, demonstrating the SSRF. Alternatively, internal services can be targeted by directing the 'src' parameter at a local address.

Remediation

FeehiCMS users are advised to disable external URL fetching in the TimThumb configuration, use a whitelist for allowed domains, or remove the TimThumb script entirely and replace it with modern image processing solutions that have proper security controls.
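The allowlist approach from the remediation above, and a matching check over web-server access logs for the request pattern described under Reproduction, as an added example in Python. This is not FeehiCMS or TimThumb code (TimThumb is PHP); the allowlist, the log format and every request shown are constructed for illustration. The validator accepts only http(s) URLs whose hostname is an exact member of the allowlist and rejects IP literals (loopback and private addresses included), embedded credentials and non-HTTP schemes; the log scanner applies the same check to the 'src' value of every request to 'timthumb.php'.

```python
"""Allowlist check for an image proxy's 'src' parameter, plus an access-log scan.

Added example, not FeehiCMS or TimThumb code. ALLOWED_HOSTS, SAMPLE_LOG and
the log format are constructed for illustration.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Hypothetical allowlist: the only hosts the proxy may fetch images from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.org"}


def is_allowed_src(src: str, allowed_hosts=ALLOWED_HOSTS) -> tuple[bool, str]:
    """Return (ok, reason) for a candidate 'src' value."""
    try:
        parsed = urlparse(src)
    except ValueError:          # e.g. a malformed IPv6 literal
        return False, "unparseable"
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not http(s)"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    # user:pass@host forms are rejected outright: the part before '@' is not the host.
    if parsed.username or parsed.password:
        return False, "credentials in URL"
    # Bare IP literals (127.0.0.1, 10.x.x.x, [::1], ...) are never fetched;
    # the proxy should only talk to named hosts on the allowlist.
    try:
        ipaddress.ip_address(host)
        return False, "IP literal"
    except ValueError:
        pass
    if host.lower().rstrip(".") not in allowed_hosts:
        return False, "host not in allowlist"
    return True, "ok"


# Constructed access-log lines (Common Log Format style).
SAMPLE_LOG = """\
203.0.113.5 - - [30/Dec/2025:19:21:00 +0000] "GET /timthumb.php?src=http://images.example.com/a.jpg&w=100 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Dec/2025:19:21:03 +0000] "GET /timthumb.php?src=http://127.0.0.1:8080/admin HTTP/1.1" 200 812
203.0.113.9 - - [30/Dec/2025:19:21:05 +0000] "GET /timthumb.php?src=http://external.example/x.png HTTP/1.1" 200 64
203.0.113.7 - - [30/Dec/2025:19:21:08 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})'
)


def scan_access_log(text: str, allowed_hosts=ALLOWED_HOSTS) -> list[dict]:
    """Flag timthumb.php requests whose 'src' fails the allowlist check."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parsed = urlparse(target)
        if not parsed.path.endswith("/timthumb.php"):
            continue
        for src in parse_qs(parsed.query).get("src", []):
            ok, reason = is_allowed_src(src, allowed_hosts)
            if not ok:
                findings.append(
                    {"client": client, "src": src, "reason": reason, "status": int(status)}
                )
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['client']} -> {f['src']}: {f['reason']} (HTTP {f['status']})")
```

The scan reports the second and third sample lines (an IP literal and a host outside the allowlist) and ignores the allowed fetch and the unrelated request. One caveat for the validator: it checks the hostname as written, so if the fetching code resolves that name itself, the resolved address should also be checked before connecting.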

Added: Dec 30, 2025, 7:21 PM
Updated: Dec 30, 2025, 7:21 PM

Vulnerability Rating (Custom Algorithm)

spread          1.0
impact          8.1
exploitability  9.7
remediation     8.3
relevance       1.6
threat          6.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.