CVE-2021-47958

Sažetak

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.

Reference

https://github.com/CouchCMS/CouchCMS
https://www.exploit-db.com/exploits/49675
https://www.vulncheck.com/advisories/couchcms-server-side-request-forgery-via-svg-upload

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

15-05-2026 - 19:16

Objavljeno

15-05-2026 - 19:16