CVE-2020-19613

7.5 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in FlyCMS allows attackers to make the server send HTTP requests to arbitrary internal or external systems. Attackers can exploit this to access internal services, perform port scanning, or interact with cloud metadata APIs. Anyone running FlyCMS version 20190503 is affected.

💻 Affected Systems

Products:
  • sunkaifei FlyCMS
Versions: 20190503
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the saveUrlAs function in ImagesService.java, affecting image upload functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of internal network services, cloud metadata theft leading to credential harvesting, or data exfiltration through internal service interactions.

🟠 Likely Case

Internal network reconnaissance, access to internal APIs or services, and potential data leakage from internal systems.

🟢 If Mitigated

Limited to external resource consumption or failed requests if proper network segmentation and input validation are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the image upload functionality, which typically requires authentication. The vulnerability is well-documented in public GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: No specific patched version is published; fixes are available in later commits

Vendor Advisory: https://github.com/sunkaifei/FlyCms/issues/1

Restart Required: Yes

Instructions:

1. Update to the latest version of FlyCMS from the official repository.
2. Apply input validation to restrict URL schemes and domains in the saveUrlAs function.
3. Restart the application server.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement URL validation to restrict allowed schemes and domains

Modify ImagesService.java to validate URLs before processing

Network Segmentation

all

Restrict outbound network access from the application server

Configure firewall rules to limit outbound HTTP/HTTPS traffic

🧯 If You Can't Patch

  • Disable the vulnerable image upload functionality entirely
  • Implement a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Confirm the FlyCMS version is 20190503 and inspect the saveUrlAs function in ImagesService.java: if it fetches the user-supplied URL without validating the scheme and host, the instance is vulnerable.

Check Version:

Check FlyCMS version in application configuration or admin panel

Verify Fix Applied:

Submit image URLs through the upload feature that point at internal, loopback or cloud metadata addresses and confirm that the application rejects them instead of fetching them.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the application server
  • Requests to internal IP addresses or cloud metadata endpoints

Network Indicators:

  • HTTP traffic from application server to unexpected internal services
  • Port scanning patterns from the application server

SIEM Query:

source_ip=application_server AND (dest_ip=169.254.169.254 OR dest_ip=10.* OR dest_ip=192.168.* OR dest_ip=172.16.*)
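The Input Validation Filter workaround above and the SIEM query both come down to the same test: is the address the server is about to contact, or has just contacted, inside a range it has no business reaching? The following added example (not FlyCMS code, and not the fix the project shipped) implements that test once and uses it twice: first as a URL check an image fetcher can call before issuing the request, and second as a scan over constructed egress log records of the shape the SIEM query describes. The name table, log lines and the `constructed_resolver` helper are assumptions made so the example runs offline; a deployment would use the OS resolver. The range list is written as CIDR blocks, which also covers the whole 172.16.0.0/12 block (172.16 through 172.31), whereas the `172.16.*` pattern in the query above matches only 172.16.x.x.

```python
"""Added example (not FlyCMS code): destination check for server-side URL
fetches, and the same private-range test applied to egress log records."""
import ipaddress
import re
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Ranges an image fetcher should never reach: loopback, RFC 1918, link-local
# (which includes the 169.254.169.254 cloud metadata endpoint), shared
# address space, and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(cidr) for cidr in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_address(ip_text):
    """True if the address falls in a range the server must not contact."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.7 is really 10.0.0.7
    return any(ip in net for net in BLOCKED_NETWORKS)


def system_resolver(host):
    """Resolve with the OS resolver; returns every address, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_url(url, resolver=system_resolver):
    """Return the address to connect to, or raise ValueError.

    Every resolved address is checked, so a name that maps to one public and
    one private address is rejected rather than passing on the public one.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = parsed.hostname  # brackets around IPv6 literals are already stripped
    if not host:
        raise ValueError("URL has no host")
    try:
        addrs = resolver(host)
    except (socket.gaierror, ValueError) as exc:
        raise ValueError(f"cannot resolve {host!r}") from exc
    if not addrs:
        raise ValueError(f"no address for {host!r}")
    for addr in addrs:
        if is_blocked_address(addr):
            raise ValueError(f"{host!r} resolves to blocked address {addr}")
    return addrs[0]


def is_safe_fetch_url(url, resolver=system_resolver):
    """Boolean wrapper around validate_fetch_url."""
    try:
        validate_fetch_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed name table so the example runs offline (assumption, not real DNS).
_FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "split.example": ["93.184.216.34", "127.0.0.1"],
}


def constructed_resolver(host):
    """Offline stand-in for system_resolver; IP literals resolve to themselves."""
    if host in _FAKE_DNS:
        return list(_FAKE_DNS[host])
    return [str(ipaddress.ip_address(host))]  # ValueError if not an IP literal


# Constructed egress records: "<timestamp> <src_ip> <dst_ip> <dst_port>".
SAMPLE_EGRESS_LOG = """\
2024-01-01T10:00:00Z 10.1.2.3 93.184.216.34 443
2024-01-01T10:00:01Z 10.1.2.3 169.254.169.254 80
2024-01-01T10:00:02Z 10.1.2.3 172.20.0.5 8080
2024-01-01T10:00:03Z 10.9.9.9 172.20.0.5 8080
2024-01-01T10:00:04Z 10.1.2.3 ::ffff:10.0.0.7 6379"""

_RECORD = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)$")


def flag_suspicious_egress(lines, app_servers):
    """Return (timestamp, dst, port) for app-server connections into blocked ranges."""
    hits = []
    for line in lines:
        m = _RECORD.match(line.strip())
        if not m or m["src"] not in app_servers:
            continue
        if is_blocked_address(m["dst"]):
            hits.append((m["ts"], m["dst"], int(m["port"])))
    return hits


if __name__ == "__main__":
    print(validate_fetch_url("https://images.example.com/a.png", constructed_resolver))
    for hit in flag_suspicious_egress(SAMPLE_EGRESS_LOG.splitlines(), {"10.1.2.3"}):
        print("suspicious egress:", hit)
```

Two points the check does not cover on its own: the HTTP client must connect to the address that was validated (otherwise a second lookup at connect time can return a different answer), and any redirect the fetched server issues must be passed back through `validate_fetch_url` before it is followed, or redirects disabled outright. Network segmentation, the second workaround above, catches what a validation bug lets through.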
