This exploit demonstrates an SSRF vulnerability in CouchCMS 2.2.1 via SVG file upload. The SVG file contains an external image reference that triggers an SSRF when processed by the server.
Classification: Working PoC 90%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: CouchCMS v2.2.1
Auth required
Prerequisites: Access to the CouchCMS admin panel · Valid nonce for the upload endpoint