Server-Side Request Forgery in Feehi CMS
Critical severity
GitHub Reviewed
Published
Jun 8, 2021
to the GitHub Advisory Database
•
Updated Jul 5, 2023
Description
Published by the National Vulnerability Database
May 24, 2021
Reviewed
May 28, 2021
Published to the GitHub Advisory Database
Jun 8, 2021
Last updated
Jul 5, 2023
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.
References