CVE-2024-25187

Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Common Weakness Enumeration
References
https://gist.github.com/wisejayer/d365e93ce09b8a36641165e1d1a0a06c
https://github.com/xiaocheng-keji/71cms/issues/2
https://gist.github.com/wisejayer/d365e93ce09b8a36641165e1d1a0a06c
https://github.com/xiaocheng-keji/71cms/issues/2