CVE-2018-6029: SSRF
First published: Tue Jan 23 2018(Updated: )
The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 5none Nonecms | =1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6029?
CVE-2018-6029 is a vulnerability that allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF) in NoneCms 1.3.0.
How severe is CVE-2018-6029?
CVE-2018-6029 has a severity rating of 7.5 (high).
How does CVE-2018-6029 affect NoneCms?
CVE-2018-6029 affects NoneCms version 1.3.0.
How can I fix CVE-2018-6029?
To fix CVE-2018-6029, upgrade NoneCms to a version that has fixed the vulnerability.
Where can I find more information about CVE-2018-6029?
More information about CVE-2018-6029 can be found at the following link: [http://blackwolfsec.cc/2018/01/23/Nonecms_ssrf/](http://blackwolfsec.cc/2018/01/23/Nonecms_ssrf/)
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/5none
- canonical/5none nonecms
- version/5none nonecms/1.3.0