CVE-2024-7330 | YouDianCMS 7 ydLib.php curl_exec url server-side request forgery

Posted by Angelo Barbosa | Jul 31, 2024 | CVE

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery.

This vulnerability is known as CVE-2024-7330. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7330 | YouDianCMS 7 ydLib.php curl_exec url server-side request forgery

Related Posts

CVE-2024-22154 | SNP Digital SalesKing Plugin up to 1.6.15 on WordPress information disclosure

CVE-2023-41781 | ZTE MF258 up to ZTE_STD_V1.0.0B10 SMS Interface cross site scripting

CVE-2024-9400 | Mozilla Firefox up to 128.2/130 JIT Compilation memory corruption

CVE-2024-27905 | Apache Aurora up to 0.5.0 information disclosure