KUNO CMS Server-Side Request Forgery Vulnerability in Media Module

A server-side request forgery (SSRF) vulnerability has been identified in the Media module of KUNO CMS, prior to version 1.3.15. This vulnerability allows a logged-in administrator to upload a specially crafted SVG file that references an external image. When the server processes this SVG, it follows the reference and makes an outgoing request to the specified URL. This could lead to information disclosure or internal network probing.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where the server makes requests to external or internal resources on behalf of the attacker. This could be used to probe internal networks, access metadata services, or exploit other vulnerabilities, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, log into the KUNO CMS administrative panel and navigate to the Media management section. Upload an SVG file that includes a reference to an external URL or internal IP address. Once the file is uploaded, the server will process the SVG and make a request to the referenced URL, demonstrating the SSRF vulnerability.

Remediation

Users should update to KUNO CMS version 1.3.15 or later, where this vulnerability has been fixed. Instructions for updating can be found in the KUNO CMS release notes.