PbootCMS
cpe:2.3:a:pbootcms:pbootcms:*:*:*:*:*:*:*
- 3.2.5
A server-side request forgery (SSRF) vulnerability has been identified in PbootCMS version 3.2.5. The issue arises from an unknown function in the Image Handler component, where improper validation allows remote attackers to manipulate server-side requests. This vulnerability could lead to unauthorized access to internal resources or information.
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can send requests from the server to internal or external resources, potentially leading to unauthorized information disclosure or access to internal services.
The vulnerability can be reproduced by authenticating to the application and using the 'saveRemote' method in the Image Handler component. This method does not properly validate the destination of network requests, allowing for server-side request forgery.
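One way to validate the destination before a remote image is fetched, as an added example that is not PbootCMS code and not from the original page. The function names `is_public_ip` and `check_remote_image_url`, the injectable resolver and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not PbootCMS code. Function names and sample URLs are constructed.

// True only for publicly routable addresses. The two flags reject the RFC 1918
// ranges, fc00::/7, 0/8, 127/8, 169.254/16, 240/4, ::1 and fe80::/10.
function is_public_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// Returns ['host', 'ip'] for an acceptable destination, or null. $resolver is injectable for tests.
function check_remote_image_url(string $url, ?callable $resolver = null): ?array
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;                       // no file://, gopher://, ftp:// ...
    }
    $host = trim($p['host'], '[]');        // strip brackets of IPv6 literals
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];
    } else {
        $resolver = $resolver ?? 'gethostbynamel';  // default covers A records only
        $ips = $resolver($host) ?: [];     // gethostbynamel() returns false on failure
    }
    if ($ips === []) {
        return null;
    }
    foreach ($ips as $ip) {                // every resolved address must be public
        if (!is_public_ip($ip)) {
            return null;
        }
    }
    return ['host' => $host, 'ip' => $ips[0]];
}

// Constructed sample inputs; literal IPs so the demo runs without DNS.
$samples = [
    'http://127.0.0.1/a.png', 'http://192.168.1.10/a.png', 'http://169.254.169.254/a.png',
    'http://[::1]/a.png', 'file:///etc/passwd', 'https://93.184.216.34/logo.png',
];
foreach ($samples as $u) {
    echo str_pad($u, 34), check_remote_image_url($u) ? "allow\n" : "deny\n";
}
```

The fetch itself should connect to the validated address (for example by pinning it with cURL's `CURLOPT_RESOLVE`) so a second DNS lookup cannot return a different host, and redirects should be left disabled or each redirect target passed through the same check.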