MuYuCMS getFile.html server-side request forgery
CVE-2023-1046

8.8HIGH

Key Information:

Vendor

Muyucms

Status
MuYuCMS
Vendor
CVE Published:
26 February 2023

What is CVE-2023-1046?

A server-side request forgery vulnerability has been identified in MuYuCMS version 2.2, specifically affecting the processing of requests through the /admin.php/update/getFile.html file. This vulnerability allows remote attackers to manipulate the argument 'url', initiating unauthorized requests from the server to external systems. The disclosure of this exploit poses significant risks as it can lead to unauthorized data access or interaction with internal services. The vulnerability has been publicly disclosed, making it imperative for MuYuCMS users to apply mitigations promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MuYuCMS 2.2

References

https://vuldb.com/?id.221805
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221805
signaturepermissions-required
https://github.com/MuYuCMS/MuYuCMS/issues/7
exploitissue-tracking

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

kaga_cve (VulDB User)
JSON
.