thinkgem JeeSite Server-Side Request Forgery Vulnerability

A critical server-side request forgery (SSRF) vulnerability has been identified in thinkgem JeeSite versions through 5.11.1. The issue arises in the URI Scheme Handler component, specifically within the ResourceLoader.getResource function of the file /cms/fileTemplate/form. The vulnerability allows remote attackers to manipulate the 'name' argument, potentially leading to unauthorized access to internal resources or services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external resources on behalf of the server, potentially leading to unauthorized data access or interaction with internal services.

Reproduction

To reproduce this vulnerability, send a request to the /cms/fileTemplate/form endpoint with a crafted 'name' argument that directs the server to an internal resource or service. The server will process the request and retrieve the specified resource, demonstrating the SSRF vulnerability.