CVE-2018-20528
MEDIUM
JEECMS 9 - Server-Side Request Forgery via UEditor Remote Image Upload
Title source: manual
Description
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
References (2)
Core References
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/154855
Permissions Required, Third Party Advisory x_refsource_misc
http://hacker.feiyulive.com/wordpress/index.php/116/
Scores
CVSS v3
6.5
EPSS
0.0105
EPSS Percentile
59.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
jeecms/jeecms
9
Published
Dec 28, 2018
Tracked Since
Feb 18, 2026