erzhongxmu JEEWMS Server-Side Request Forgery Vulnerability in UEditor Component
Vulnerability
A server-side request forgery (SSRF) vulnerability exists in erzhongxmu JEEWMS version 3.7, specifically within the UEditor component's remote image retrieval feature. The vulnerability is located in the file '/plug-in/ueditor/jsp/getRemoteImage.jsp', where manipulation of the 'upfile' argument allows unauthenticated attackers to send arbitrary HTTP requests from the server. This could lead to internal network scanning, unauthorized access to sensitive data, and interaction with internal services.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the vulnerable server send requests to internal services or resources, potentially leading to unauthorized data access or manipulation.
Reproduction
To reproduce this vulnerability, send a request to the '/plug-in/ueditor/jsp/getRemoteImage.jsp' endpoint with a crafted 'upfile' argument that directs the server to make a request to an internal resource or service. This can be done remotely without any authentication.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.