CVE-2025-5327

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-7553

MEDIUM
CVSS:6.3(Medium)

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoi...

CWE-9182017

CVE-2020-11980

MEDIUM
CVSS:6.3(Medium)

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there f...

CWE-9182020

CVE-2020-4294

MEDIUM
CVSS:6.3(Medium)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to ne...

CWE-9182020

CVE-2020-4974

MEDIUM
CVSS:6.3(Medium)

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ...

CWE-9182020

CVE-2020-8555

MEDIUM
CVSS:6.3(Medium)

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certa...

CWE-9182020

CVE-2021-3758

MEDIUM
CVSS:6.3(Medium)

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

CWE-9182021