Server-side Request Forgery Vulnerability in Feehi CMS by Liufee
CVE-2021-30108

9.1CRITICAL

Key Information:

Vendor: Feehi
Status: Feehi Cms
Vendor: CVE Published:; 24 May 2021

What is CVE-2021-30108?

Feehi CMS version 2.1.1 is susceptible to a server-side request forgery (SSRF) vulnerability. This occurs when an attacker manipulates the HTTP Referer header, allowing the server to make unauthorized requests to any specified URL. Such vulnerabilities can lead to exposure of sensitive information and potential further exploitation of internal services. It is imperative for users of Feehi CMS to implement safeguards against unauthorized header manipulations and to keep their applications up-to-date.

References

https://github.com/liufee/cms/issues/57

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2021
Vulnerability Reserved
Apr 2, 2021

CVE-2021-30108 Data

JSON