CVE-2025-5327

Medium CVSS: 5.3

A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Chshcms

Product

Mccms

CWE

CWE-918

Yayın Tarihi

2025-05-29 21:15:26

Güncelleme

2025-06-10 15:13:37

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Mccms MEDIUM Chshcms 2025

Referanslar

https://github.com/caigo8/CVE-md/blob/main/Mccms_V2.7/%E5%89%8D%E5%8F%B0SSRF.md https://vuldb.com/?ctiid.310497 https://vuldb.com/?id.310497 https://vuldb.com/?submit.582295 https://github.com/caigo8/CVE-md/blob/main/Mccms_V2.7/%E5%89%8D%E5%8F%B0SSRF.md

Benzer Kayıtlar

Medium

CVE-2025-51818

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute ar…

Medium

CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where…

Medium

CVE-2025-51651

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attack…

Medium

CVE-2025-5328

A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the functio…