CVE-2025-14008 | dayrui XunRuiCMS up to 4.7.1 Project Domain Change Test admin79f2ec220c7e.php?c=api&m=test_site_domain v server-side request forgery

A vulnerability classified as critical has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery.

The identification of this vulnerability is CVE-2025-14008. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14008 | dayrui XunRuiCMS up to 4.7.1 Project Domain Change Test admin79f2ec220c7e.php?c=api&m=test_site_domain v server-side request forgery

Post correlati

CVE-2024-3948 | SourceCodester Home Clean Service System 1.0 Photo adminstudent.add.php unrestricted upload

CVE-2024-0648 | Yunyou CMS up to 2.2.6 Common.php templateFile unrestricted upload

CVE-2023-6582 | ElementsKit Lite Plugin up to 3.0.3 on WordPress information disclosure

CVE-2024-26308 | Apache Commons Compress 1.21/1.22/1.23/1.24/1.25 allocation of resources