CVE-2025-0480

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/wuzhicms/wuzhicms/issues/212 Exploit Issue Tracking Vendor Advisory
https://github.com/wuzhicms/wuzhicms/issues/212#issue-2769226216 Exploit Issue Tracking Vendor Advisory
https://vuldb.com/?ctiid.291915 Permissions Required VDB Entry
https://vuldb.com/?id.291915 Third Party Advisory VDB Entry
https://vuldb.com/?submit.474965 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*

History

13 May 2025, 13:39

Type Values Removed Values Added
First Time Wuzhicms
Wuzhicms wuzhicms
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en wuzhicms 4.1.0. Afecta a la prueba de funcionamiento del archivo coreframe/app/search/admin/config.php. La manipulación del argumento sphinxhost/sphinxport provoca server-side request forgery. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.
CPE cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*
References () https://github.com/wuzhicms/wuzhicms/issues/212 - () https://github.com/wuzhicms/wuzhicms/issues/212 - Exploit, Issue Tracking, Vendor Advisory
References () https://github.com/wuzhicms/wuzhicms/issues/212#issue-2769226216 - () https://github.com/wuzhicms/wuzhicms/issues/212#issue-2769226216 - Exploit, Issue Tracking, Vendor Advisory
References () https://vuldb.com/?ctiid.291915 - () https://vuldb.com/?ctiid.291915 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.291915 - () https://vuldb.com/?id.291915 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.474965 - () https://vuldb.com/?submit.474965 - Third Party Advisory, VDB Entry

15 Jan 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-15 18:15

Updated : 2025-05-13 13:39


NVD link : CVE-2025-0480

Mitre link : CVE-2025-0480

CVE.ORG link : CVE-2025-0480


JSON object : View

Products Affected

wuzhicms

  • wuzhicms
CWE
CWE-918

Server-Side Request Forgery (SSRF)