CVE-2018-6029

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-6029
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6029.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-6029
Published
2018-01-23T06:29:00Z
Modified
2024-09-03T02:08:15.461912Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring.
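The validation weakness described above, shown beside a host-allowlist check. This is an added illustration, not NoneCms source code: the function names, the allowlisted host `blog.csdn.net` and the sample URLs are assumptions constructed for the example.

```php
<?php
// Added illustration; not taken from application/admin/controller/Article.php.

// Weak check as the advisory describes it: any URL containing "csdn" passes,
// wherever the substring sits (host, path, query, userinfo).
function weak_is_allowed(string $url): bool
{
    return strpos($url, 'csdn') !== false;
}

// Hardened check: parse the URL and compare its components, not the raw string.
// $allowedHosts is a hypothetical allowlist of exact hostnames.
function strict_is_allowed(string $url, array $allowedHosts = ['blog.csdn.net']): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // malformed, or no network host (e.g. file:///...)
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // only web schemes
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // userinfo can disguise the real host
    }
    if (isset($parts['port']) && !in_array($parts['port'], [80, 443], true)) {
        return false; // only default web ports
    }
    $host = rtrim(strtolower($parts['host']), '.');
    return in_array($host, $allowedHosts, true); // exact match, no substring test
}

// Constructed sample inputs using reserved example names.
$samples = [
    'https://blog.csdn.net/user/article/details/1',
    'http://intranet.example/status?ref=csdn',
    'http://csdn.internal.example/',
    'http://blog.csdn.net@intranet.example/',
    'file:///var/www/csdn.txt',
];

foreach ($samples as $url) {
    printf("%-46s weak=%-5s strict=%s\n", $url,
        weak_is_allowed($url) ? 'allow' : 'deny',
        strict_is_allowed($url) ? 'allow' : 'deny');
}
```

String validation alone does not cover redirects or an allowlisted name that resolves to an internal address. The fetch itself should disable redirect following and check the resolved IP address before connecting.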

Affected packages

Git / github.com/nangge/nonecms

Affected ranges

Type
GIT
Repo
https://github.com/nangge/nonecms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.1.0
v1.2.0
v1.3.0