CVE-2021-30108

9.1 CRITICAL

📋 TL;DR

Feehi CMS 2.1.1 has a server-side request forgery (SSRF) vulnerability where attackers can manipulate the HTTP Referer header to make the server send requests to arbitrary URLs. This allows attackers to probe internal networks, access internal services, or potentially chain with other vulnerabilities. Any Feehi CMS 2.1.1 installation with internet access is affected.

💻 Affected Systems

Products:
  • Feehi CMS
Versions: 2.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Feehi CMS 2.1.1 are vulnerable by default. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could pivot to internal systems, access sensitive internal services, perform port scanning, or chain with other vulnerabilities to achieve remote code execution.

🟠 Likely Case

Attackers will use this to scan internal networks, access metadata services (like AWS/Azure instance metadata), or interact with internal APIs to steal data.

🟢 If Mitigated

With proper network segmentation and egress filtering, impact is limited to the server itself making outbound requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only modifying HTTP headers, making it trivial for attackers with basic web knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.2 or later

Vendor Advisory: https://github.com/liufee/cms/issues/57

Restart Required: Yes

Instructions:

1. Back up your current installation.
2. Download Feehi CMS 2.1.2 or later from the official repository.
3. Replace vulnerable files with patched versions.
4. Restart your web server.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules (scope: all)

Block or sanitize malicious Referer headers containing internal IP addresses or sensitive URLs.

Network Egress Filtering (scope: all)

Restrict outbound connections from the web server to only necessary external services.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable server from internal networks
  • Deploy a reverse proxy with strict Referer header validation and filtering

🔍 How to Verify

Check if Vulnerable:

Test by sending a request with the Referer header set to a URL you control and check whether the server makes a request to it.

Check Version:

Check the CMS version in the admin panel, or read the version.txt file in the installation directory.

Verify Fix Applied:

After patching, repeat the test; the server should no longer make requests based on the Referer header.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Referer headers containing internal IPs or unusual domains
  • Outbound requests from web server to unexpected destinations

Network Indicators:

  • Web server making outbound HTTP requests to internal IP ranges
  • Requests to cloud metadata services (169.254.169.254, etc.)

SIEM Query:

source="web_server" AND (http.referer CONTAINS "192.168." OR http.referer CONTAINS "10." OR http.referer CONTAINS "172.16.")
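As an added example (not part of this advisory, and not code from the Feehi CMS project), the script below applies the log indicators above to a few constructed access-log lines. It parses the Referer with `urllib` and classifies the host with `ipaddress` instead of substring matching, so it covers the whole 172.16.0.0/12 block, IPv6 loopback and ULA addresses, and the cloud metadata endpoint, while not firing on a public hostname that merely starts with "10." (two limitations of the CONTAINS-style SIEM query above). The combined log format, the sample lines, and the list of internal hostname suffixes are assumptions chosen for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines in Apache/Nginx combined log format; not real traffic.
# Public client addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2021:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "https://www.example.com/" "Mozilla/5.0"
203.0.113.7 - - [10/May/2021:12:00:02 +0000] "GET /index.php HTTP/1.1" 200 512 "http://169.254.169.254/latest/meta-data/" "curl/7.68.0"
203.0.113.7 - - [10/May/2021:12:00:03 +0000] "GET /index.php HTTP/1.1" 200 512 "http://172.20.1.5:8080/admin" "curl/7.68.0"
198.51.100.9 - - [10/May/2021:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 512 "http://10.example.net/page" "Mozilla/5.0"
198.51.100.9 - - [10/May/2021:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 512 "http://localhost/" "python-requests/2.25"
198.51.100.9 - - [10/May/2021:12:00:06 +0000] "GET /index.php HTTP/1.1" 200 512 "http://[::1]:8080/" "python-requests/2.25"
198.51.100.9 - - [10/May/2021:12:00:07 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "request", status, size, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumed names/suffixes that only resolve inside a network; extend for your environment.
LOCAL_NAMES = {"localhost", "metadata", "metadata.google.internal"}
INTERNAL_SUFFIXES = (".internal", ".local")
METADATA_IP = ipaddress.ip_address("169.254.169.254")


def referer_host(referer):
    """Extract the host from a Referer value; '-' and junk yield None.
    urlsplit strips the port and IPv6 brackets for us."""
    if not referer or referer == "-":
        return None
    try:
        return urlsplit(referer).hostname
    except ValueError:
        return None


def classify_host(host):
    """Return a reason string if the host points inside the network, else None."""
    if not host:
        return None
    name = host.lower()
    if name in LOCAL_NAMES or name.endswith(INTERNAL_SUFFIXES):
        return "internal hostname"
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        # An ordinary DNS name such as 10.example.net: a substring check
        # on "10." would flag it, address parsing does not.
        return None
    if ip == METADATA_IP:
        return "cloud metadata endpoint"
    if ip.is_loopback:
        return "loopback address"
    if ip.is_link_local:
        return "link-local address"
    if ip.is_private:
        return "private address"
    return None


def suspicious_referers(log_text):
    """Parse log lines and return the ones whose Referer targets an internal host."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production job would count these
        referer = m.group("referer")
        reason = classify_host(referer_host(referer))
        if reason:
            hits.append({"client": m.group("client"), "referer": referer, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in suspicious_referers(SAMPLE_LOG):
        print(f"{hit['client']}  {hit['reason']:<24} {hit['referer']}")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents; only requests whose Referer resolves to an internal target are reported, and the reason column tells you which indicator matched.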
