Maccms10 Server-Side Request Forgery Vulnerability in Collection Custom Interface
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Maccms10 version 2025.1000.4047, specifically within the Collection Custom Interface feature. This vulnerability allows an attacker to manipulate server-side requests, potentially leading to unauthorized access or actions on behalf of the server.
Impact
Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker can make the server send requests to internal or external resources, potentially leading to further exploitation or information disclosure.
Reproduction
To reproduce this vulnerability, navigate to the Collection Custom Interface feature in Maccms10 v2025.1000.4047. Use Burp Suite's Collaborator tool to set up a listener. Then, add a new collection and paste the Burp Collaborator address into the 'API URL' field. Click 'Test' to send the request. If the vulnerability is present, the Burp Collaborator will receive the request, indicating successful exploitation.
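The application-side fix for this class of bug is to validate the user-supplied 'API URL' before the server fetches it, and to do that validation on the addresses the host actually resolves to rather than on the URL string alone. The Python below is an added example written for this advisory; it is not code from Maccms10 and does not reflect how the project implements its collection feature. The `FAKE_DNS` records, the sample URLs and the `104.18.0.1` "public" address are constructed so the demo and its checks run offline; `ALLOWED_SCHEMES`, `ALLOWED_HOSTS` and `validate_api_url` are names chosen here, not project identifiers.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example (not Maccms10 code): a guard for a user-supplied "API URL"
# that a collection/test action would otherwise fetch server-side unchecked.

ALLOWED_SCHEMES = {"http", "https"}

# Optional allowlist of upstream hosts. Empty means "any public host", which
# still refuses internal, loopback and link-local destinations.
ALLOWED_HOSTS = frozenset()


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses.

    Several flags are combined rather than relying on one so the result is
    stable across Python versions. ``is_private`` follows the IANA
    special-purpose registry, so documentation ranges are refused as well.
    """
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def _system_resolver(host: str) -> list:
    """Resolve via the OS resolver (assumes network access; unused in the demo)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _addresses_for(host: str, resolver) -> list:
    """IP literals are used as-is; names go through the resolver."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return resolver(host)


def validate_api_url(url: str, resolver=_system_resolver) -> tuple:
    """Return (ok, reason). Every address the host resolves to must be public."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if ALLOWED_HOSTS and host not in ALLOWED_HOSTS:
        return False, f"host not on allowlist: {host}"
    try:
        addrs = _addresses_for(host, resolver)
    except OSError as exc:  # socket.gaierror is an OSError
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host resolved to no addresses"
    # Reject if ANY record is non-public: a name with one public and one
    # internal record must not pass on the strength of the public one.
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


# Constructed DNS records so the demo and its checks run offline.
FAKE_DNS = {
    "cdn.example.com": ["104.18.0.1"],                # constructed: a globally routable record
    "mixed.example.com": ["104.18.0.1", "10.0.0.5"],  # one public record, one internal
    "localhost": ["127.0.0.1", "::1"],
}


def fake_resolver(host: str) -> list:
    """Constructed stand-in for DNS; unknown names fail like a real lookup."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver: no record for {host}")


# Constructed sample inputs: only the first should be accepted.
SAMPLE_URLS = [
    "https://cdn.example.com/api.php",         # legitimate upstream
    "http://mixed.example.com/api.php",        # split record including 10.0.0.5
    "http://localhost/api.php",
    "http://10.0.0.5/api.php",
    "http://[::ffff:10.0.0.1]/api.php",        # IPv4-mapped IPv6 literal
    "http://169.254.1.1/api.php",              # link-local literal
    "http://user:pw@cdn.example.com/api.php",  # embedded credentials
    "file:///tmp/notes.txt",                   # non-HTTP scheme
]


def check_samples(resolver=fake_resolver) -> dict:
    """Map each sample URL to its (ok, reason) verdict."""
    return {url: validate_api_url(url, resolver) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (ok, reason) in check_samples().items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {url}  ({reason})")
```

Two caveats apply to any guard of this shape. First, validating a name and then handing the original URL to an HTTP client re-resolves it, which leaves a window for the record to change between check and fetch; the fetch should connect to the address that was vetted, and redirects should either be disabled or re-validated hop by hop. Second, application-level checks are one layer: restricting the web server's outbound network access and logging every request the collection feature makes (destination host, resolved address, initiating user) gives both containment and a detection signal for the behaviour this advisory describes.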