CVE-2025-50234
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-06

Last updated on: 2025-08-18

Assigner: MITRE

Description
MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system's security and stability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-06
Last Modified
2025-08-18
Generated
2026-05-07
AI Q&A
2025-08-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-50234
EUVD
EUVD-2025-23852
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chshcms mccms 2.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Server-Side Request Forgery (SSRF) in MCCMS v2.7.0, specifically in the index() method of the sys\apps\controllers\api\Gf.php file. The vulnerability arises because the pic parameter is decrypted using a hard-coded key and then used to make a cURL request without proper security checks. An attacker can craft a malicious encrypted pic parameter that, when decrypted, points to internal addresses or local file paths. This allows the attacker to access internal services or local files on the server, such as sensitive configuration or log files, leading to information leakage or system exposure.


How can this vulnerability impact me? :

This vulnerability can lead to severe impacts including leakage of sensitive data by accessing internal services or local files, potential remote code execution, privilege escalation, and even full system compromise. It threatens the security and stability of the affected system by allowing attackers to read sensitive files or interact with internal network resources that should be protected.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart