CVE-2015-7570

HIGH

Yeager CMS 1.2.1 - SSRF

Title source: llm

Description

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.

Exploits (1)

exploitdb WRITEUP
by SEC Consult · textwebappsphp
https://www.exploit-db.com/exploits/39436

References (4)

Scores

CVSS v3 7.2
EPSS 0.0616
EPSS Percentile 90.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Classification

CWE
CWE-918
Status draft

Affected Products (1)

yeager/yeager_cms

Timeline

Published Apr 24, 2017
Tracked Since Feb 18, 2026