maccms10 Server-Side Request Forgery Vulnerability in Add Article Feature
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in maccms10 version 2025.1000.4047. This vulnerability occurs in the 'Add Article' feature, allowing attackers to send crafted requests from the server to internal or external resources.
Impact
Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker can manipulate the server to make requests on their behalf. This could potentially be used to access internal services or resources that are not normally exposed to the outside world.
Reproduction
To reproduce this vulnerability, access the 'Add Article' feature and enter a Burp Suite Collaborator address. Once the address is submitted, the server will automatically access the Collaborator address, which can be verified by the request received in Burp Suite.
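A mitigation for this class of issue is to vet the destination before the server fetches a user-supplied address. The PHP sketch below is an added example, not maccms10 code or the project's fix; `ssrf_safe_target()`, the stub resolver and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added example, not maccms10 code. ssrf_safe_target() is a hypothetical helper.

/**
 * Vet a user-supplied URL before the server fetches it.
 * Returns the IP address to connect to, or null when the fetch must be refused.
 * $resolver is injectable (host => list of IPs, or false) so this runs offline.
 */
function ssrf_safe_target(string $url, ?callable $resolver = null): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Web schemes only: refuses file://, gopher://, dict:// and similar.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];
    } else {
        $resolver = $resolver ?? 'gethostbynamel'; // IPv4 only; false on failure
        $ips = $resolver($host) ?: [];
    }
    if ($ips === []) {
        return null;
    }
    // Refuse if ANY resolved address is private, loopback or link-local
    // (link-local 169.254.0.0/16 includes the cloud metadata address).
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null;
        }
    }
    return $ips[0];
}

// Constructed sample data: a stub resolver in place of DNS, made-up hostnames,
// and a documentation-range address standing in for a public host.
$dns = ['intranet.example' => ['10.0.0.5'], 'feeds.example' => ['203.0.113.10']];
$stub = fn(string $h) => $dns[$h] ?? false;
$samples = ['http://127.0.0.1/', 'http://169.254.169.254/', 'file:///etc/passwd',
            'http://intranet.example/', 'https://feeds.example/cover.jpg'];
foreach ($samples as $u) {
    printf("%-34s %s\n", $u, ssrf_safe_target($u, $stub) ?? 'REFUSED');
}
```

Connect to the returned IP instead of resolving the hostname a second time (for example with cURL's `CURLOPT_RESOLVE`), so a DNS answer that changes between check and fetch cannot redirect the request. Keep `CURLOPT_FOLLOWLOCATION` off, or run the same check on every redirect target.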
