CVE-2025-14004 | dayrui XunRuiCMS up to 4.7.1 Email Setting admind45f74adbd95.php?c=email&m=add server-side request forgery

Inserito da Angelo Barbosa | Dic 4, 2025 | CVE

A vulnerability identified as critical has been detected in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing manipulation results in server-side request forgery.

This vulnerability is known as CVE-2025-14004. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14004 | dayrui XunRuiCMS up to 4.7.1 Email Setting admind45f74adbd95.php?c=email&m=add server-side request forgery

Post correlati

CVE-2024-10806 | PHPGurukul Hospital Management System 4.0 betweendates-detailsreports.php fromdate/todate cross site scripting

CVE-2024-10039 | Keycloak mTLS improper authentication

CVE-2025-27012 | a1post A1POST.BG Shipping for Woo Plugin up to 1.5.1 on WordPress cross-site request forgery

CVE-2024-43856 | Linux Kernel up to 6.1.102/6.6.43/6.10.2 dmam_free_coherent allocation of resources