CVE-2024-7330 | YouDianCMS 7 ydLib.php curl_exec url server-side request forgery

Posted by Angelo Barbosa | Jul 31, 2024 | CVE

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery.

This vulnerability is known as CVE-2024-7330. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7330 | YouDianCMS 7 ydLib.php curl_exec url server-side request forgery

Related Posts

CVE-2024-6684 | GST Electronics inohom Nova Panel N7 up to 1.9.9.6 authentication bypass

CVE-2023-52845 | Linux Kernel up to 6.6.1 tipc lib/string.c strstr buffer overflow

CVE-2024-5611 | Stratum Plugin up to 1.4.1 on WordPress Countdown Widget cross site scripting

CVE-2024-24294 | blackprint engine 0.9.0 engine.min.js _utils.setDeepProperty prototype pollution