CVE-2021-47958

MEDIUM

CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47958. PoCs published by xxcdd.

AI-analyzed exploit summary: This exploit demonstrates an SSRF vulnerability in CouchCMS 2.2.1 by uploading a malicious SVG file via the KCFinder browse.php endpoint. The SVG file contains an external reference to an attacker-controlled server, enabling SSRF attacks.

Description

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.

Exploits (1)

exploitdb WORKING POC
by xxcdd · webapps · php
https://www.exploit-db.com/exploits/49675

Classification: Working PoC 90%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: CouchCMS v2.2.1
Auth required
Prerequisites: Access to the KCFinder upload interface · Valid nonce value
devstral-2 · analyzed May 16, 2026

References (3)

Core References
Exploit: ExploitDB-49675
https://www.exploit-db.com/exploits/49675
Product: Official Product Homepage
https://github.com/CouchCMS/CouchCMS
Third Party Advisory: VulnCheck Advisory: CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload
https://www.vulncheck.com/advisories/couchcms-server-side-request-forgery-via-svg-upload

Scores

CVSS v3: 4.3
EPSS: 0.0024
EPSS Percentile: 14.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-918
Status: published
Products (1): CouchCMS/CouchCMS 2.2.1
Published: May 15, 2026
Tracked Since: May 16, 2026