CVE-2025-0480 MEDIUM

CVE-2025-0480: wuzhicms config.php test server-side request forgery

Vendor N/A
Product wuzhicms
Weakness CWE-918 · SSRF
Published January 15, 2025
Last update January 15, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

January 15, 2025 CVE published
January 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-33627 WordPress AGCA – Custom Dashboard & Login Page plugin <= 7.2.2 - Server Side Request Forgery (SSRF) vulnerability CVE-2025-4581 CVE-2025-10735 Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery CVE-2026-44589 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect) CVE-2026-25494 Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation