
CVE-2021-27312: Gleez Cms Server Side Request Forgery (SSRF) vulnerability

CVSS Score (v3.1): 9.1

Basic Information

EPSS Score: 0.79768%
Published: 4/3/2024
Updated: 4/3/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Package Name: gleez/cms
Ecosystem: composer
Vulnerable Versions: <= 1.2.0
First Patched Version: none listed

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from the default $allow_external=TRUE parameter in Request::factory, combined with URI protocol detection in Request::__construct. This combination allows external request handling via Request_Client_External (which uses cURL). The Gist explicitly shows how this enables SSRF via protocols like gopher://. The code structure matches Kohana 3.3's vulnerable pattern as described in issue #805, where missing $allow_external=FALSE in index.php leaves external requests enabled.
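As an added illustration (not code from Gleez, Kohana or Miggo) of the root cause above: the $allow_external switch decides whether a URI that carries a scheme is handed to an external client at all. The Kohana 3.3 factory signature and the index.php call quoted in the comments are assumptions from memory, not taken from this page.

```php
<?php
// Added example modelling the pattern described in the root-cause analysis.
// Assumption: Kohana 3.3 declares
//   Request::factory($uri = TRUE, $client_params = array(), $allow_external = TRUE, ...)
// and Request::__construct treats any URI containing "://" as external, routing it
// to Request_Client_External (cURL). With the default TRUE, a caller-controlled
// URI such as gopher://... is therefore dispatched by cURL.

const EXTERNAL_SCHEME_PATTERN = '#^[a-z][a-z0-9+.\-]*://#i';

/**
 * Decide whether a request URI may be dispatched.
 * $allow_external = true reproduces the vulnerable default (any scheme passes);
 * false reproduces the hardened entry point (only internal, path-style URIs).
 *
 * @throws InvalidArgumentException when the URI must be refused
 */
function guard_request_uri(string $uri, bool $allow_external = true): string
{
    $is_external = preg_match(EXTERNAL_SCHEME_PATTERN, $uri) === 1;

    if (!$is_external) {
        return $uri; // ordinary internal route such as "user/login"
    }
    if (!$allow_external) {
        // The fix for an entry point that never proxies remote URLs: index.php
        // calls Request::factory(TRUE, array(), FALSE)->execute() (assumed form),
        // so scheme-bearing URIs never reach Request_Client_External.
        throw new InvalidArgumentException("External request refused: $uri");
    }
    return $uri; // vulnerable default: gopher://, file://, dict:// all pass through
}

// Constructed inputs: an ordinary route and a URI with a non-HTTP scheme.
$inputs = ['user/login', 'gopher://internal.example/'];

foreach ([true, false] as $allow_external) {
    foreach ($inputs as $uri) {
        try {
            guard_request_uri($uri, $allow_external);
            $verdict = 'dispatched';
        } catch (InvalidArgumentException $e) {
            $verdict = 'refused';
        }
        printf("allow_external=%-5s %-28s -> %s\n",
            $allow_external ? 'TRUE' : 'FALSE', $uri, $verdict);
    }
}
```

Running it shows the scheme-bearing URI dispatched under the default and refused once the flag is FALSE; in a real deployment the equivalent check is the third argument of Request::factory in the application's index.php.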

Vulnerable functions


WAF Protection Rules

WAF Rule

Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.

Reasoning

The vulnerability stems from the default $allow_external=TRUE parameter in Request::factory, combined with URI protocol detection in Request::__construct. This combination allows external request handling via Request_Client_External (which uses cURL).