CVE-2021-39497

9.8 CRITICAL

📋 TL;DR

CVE-2021-39497 is a Server-Side Request Forgery (SSRF) vulnerability in eyoucms 1.5.4: the URL handed to the saveRemote() function is fetched server-side without validation, so an attacker chooses where the CMS host connects, including loopback services, internal hosts and cloud metadata endpoints. It affects every eyoucms 1.5.4 deployment that exposes the vulnerable functionality. Attackers can use it to scan internal networks, read responses from internal services, or reach resources that are blocked from the Internet.

💻 Affected Systems

Products:
  • eyoucms
Versions: 1.5.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of eyoucms 1.5.4 are vulnerable unless specifically patched or workarounds applied.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains access to internal systems, exfiltrates sensitive data, or pivots to other critical infrastructure.

🟠

Likely Case

Attacker scans internal network, accesses metadata services, or interacts with internal APIs.

🟢

If Mitigated

Limited to accessing only allowed external resources with proper input validation.

🌐 Internet-Facing: HIGH - The vulnerability is in a CMS that's typically internet-facing and exploitable without authentication.
🏢 Internal Only: MEDIUM - Internal deployments could still be exploited by internal attackers or through other compromised systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub repositories, exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.5.5 and later

Vendor Advisory: https://github.com/eyoucms/eyoucms/releases/tag/v1.5.4

Restart Required: No

Instructions:

1. Back up the current installation (files and database) before changing anything.
2. Download the patched release from the vendor's GitHub releases page.
3. Replace the vulnerable files with the patched versions.
4. Verify functionality, including that remote URL fetching now rejects loopback, link-local and private destinations.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Add input validation to the URL before saveRemote() processes it.

Modify saveRemote() to accept only http and https, resolve the host and reject any address in loopback, link-local or private ranges (check the resolved addresses, not the host string, so decimal or hex IP forms and DNS names pointing at internal hosts are caught), restrict fetches to an allowlist of domains where the use case permits, and do not follow redirects, since a public host can redirect the fetch to an internal address.

Network Segmentation (applies to: all platforms)

Restrict outbound connections from the CMS server to prevent internal network access.

Configure the firewall to block outbound connections from the CMS server to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and to the cloud metadata endpoint 169.254.169.254. Egress filtering does not stop requests to services listening on the server's own loopback interface, so it complements the application-level check rather than replacing it.
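The guard described under Input Validation Filter, written out as an added example. This is not eyoucms code and does not reproduce saveRemote(); the function names, the allowlist parameter and the probe URLs are assumptions. Validation runs on the resolved addresses rather than the host string, the vetted address is pinned into curl so DNS cannot change between check and use, and redirects are disabled.

```php
<?php
// Added example (not eyoucms code): a guard to call before a saveRemote()-style
// fetch of a user-supplied URL. Function names and probe URLs are hypothetical.
declare(strict_types=1);

/**
 * Returns ['host','port','ip'] for a URL that may be fetched, or null to reject.
 * Checks are made on the *resolved* addresses, so "http://2130706433/" (decimal
 * 127.0.0.1) and DNS names that point at internal hosts are both caught.
 */
function ssrf_safe_target(string $url, array $allowed_hosts = []): ?array
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;                                  // no file://, gopher://, dict:// ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null;                                  // http://trusted@evil/ style confusion
    }
    $host = strtolower(trim($p['host'], '[]'));       // parse_url keeps [] around IPv6 literals
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);

    if ($allowed_hosts !== [] && !in_array($host, $allowed_hosts, true)) {
        return null;
    }

    // Literal IP or DNS name -> list of candidate addresses (A and AAAA).
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];
    } else {
        $ips = gethostbynamel($host) ?: [];
        foreach (dns_get_record($host, DNS_AAAA) ?: [] as $rr) {
            $ips[] = $rr['ipv6'];
        }
    }
    if ($ips === []) {
        return null;                                  // unresolvable: reject, do not guess
    }
    // Every address must be globally routable; one internal record is enough to fail.
    // NO_PRIV_RANGE covers 10/8, 172.16/12, 192.168/16, fc00::/7;
    // NO_RES_RANGE covers 0/8, 127/8, 169.254/16, 240/4, ::1, ::ffff:0:0/96, fe80::/10.
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return null;
        }
    }
    return ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

/** Fetches the URL only through the vetted address; redirects are never followed. */
function fetch_remote_checked(string $url, array $allowed_hosts = []): ?string
{
    $t = ssrf_safe_target($url, $allowed_hosts);
    if ($t === null) {
        return null;
    }
    $pin = strpos($t['ip'], ':') !== false ? "[{$t['ip']}]" : $t['ip'];
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,              // a 302 to 169.254.169.254 must not be honoured
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:$pin"], // pin: no rebinding between check and use
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_MAXFILESIZE    => 10 * 1024 * 1024,
    ]);
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return ($body !== false && $code === 200) ? $body : null;
}

// Constructed probe URLs (not from the advisory). Run from the CLI; without DNS
// the public example is also REJECTED, because an unresolvable host is refused.
foreach ([
    'https://example.com/logo.png',
    'http://127.0.0.1/',
    'http://169.254.169.254/latest/meta-data/',
    'http://[::1]/',
    'http://2130706433/',                            // decimal form of 127.0.0.1
    'file:///etc/passwd',
    'http://user@example.com/',
] as $u) {
    printf("%-45s %s\n", $u, ssrf_safe_target($u) ? 'ALLOWED' : 'REJECTED');
}
```

The pinning via CURLOPT_RESOLVE matters because a check-then-fetch sequence that resolves the name twice lets a short-TTL record return a public address for the check and an internal one for the fetch.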

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block SSRF patterns
  • Disable or restrict the saveRemote() function if not required

🔍 How to Verify

Check if Vulnerable:

Confirm the installation is eyoucms 1.5.4, then inspect saveRemote() for any validation of the supplied URL's scheme and destination before the fetch. If the URL is handed to the fetch routine as received, the installation is vulnerable.

Check Version:

Check eyoucms version in admin panel or examine version files in installation directory.

Verify Fix Applied:

In a staging copy, submit controlled payloads: a URL pointing at a listener on a host you control, and URLs pointing at 127.0.0.1, 169.254.169.254 and an internal address. The internal ones must be rejected before any outbound connection is made, and your listener should record a fetch only for the allowed case.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from CMS server
  • Requests to internal IP addresses or metadata services

Network Indicators:

  • HTTP requests from CMS server to internal network ranges
  • Requests to cloud metadata endpoints

SIEM Query (Splunk-style; adjust field names to your schema):

source_ip="CMS_SERVER_IP" | where dest_ip="169.254.169.254" OR cidrmatch("10.0.0.0/8", dest_ip) OR cidrmatch("172.16.0.0/12", dest_ip) OR cidrmatch("192.168.0.0/16", dest_ip) OR cidrmatch("127.0.0.0/8", dest_ip)

A pattern such as "172.16-31.*" is not valid wildcard syntax in most SIEMs; 172.16.0.0/12 has to be matched as a CIDR block. Exclude the CMS server's known dependencies (DNS, database) from the match to keep the alert actionable.
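The same detection logic run over sample egress log lines, as an added example that is not part of the advisory. The CMS address, the dependency allowlist and the log lines are all constructed; the line format follows the iptables/ufw LOG target (SRC=, DST=, DPT=) and the public/private decision reuses PHP's built-in reserved-range filter.

```php
<?php
// Added example (not from the advisory): flag outbound connections from the CMS
// host to non-public destinations in iptables/ufw LOG lines. All values constructed.
declare(strict_types=1);

const CMS_SERVER_IP       = '10.0.5.20';                          // assumed eyoucms host
const KNOWN_INTERNAL_DEPS = ['10.0.0.53:53', '10.0.5.21:3306'];   // assumed DNS and DB, expected traffic

/** True only for globally routable addresses (private, loopback, link-local, reserved all fail). */
function is_public_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

/**
 * Returns the lines that look like SSRF egress: source is the CMS host, the
 * destination is not public, and the destination:port is not a known dependency.
 */
function flag_ssrf_egress(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match('/SRC=(\S+) DST=(\S+).*?DPT=(\d+)/', $line, $m)) {
            continue;                                  // not a LOG line with the fields we need
        }
        [, $src, $dst, $dpt] = $m;
        if ($src !== CMS_SERVER_IP || is_public_ip($dst)) {
            continue;                                  // other host, or a normal Internet fetch
        }
        if (in_array("$dst:$dpt", KNOWN_INTERNAL_DEPS, true)) {
            continue;                                  // expected internal dependency
        }
        $hits[] = ['dst' => $dst, 'port' => (int) $dpt, 'line' => $line];
    }
    return $hits;
}

// Constructed sample lines in iptables LOG format (not real captures).
$sample = [
    'kernel: [UFW AUDIT] IN= OUT=eth0 SRC=10.0.5.20 DST=93.184.216.34 PROTO=TCP DPT=443',  // public
    'kernel: [UFW AUDIT] IN= OUT=eth0 SRC=10.0.5.20 DST=10.0.0.53 PROTO=UDP DPT=53',       // DNS, expected
    'kernel: [UFW AUDIT] IN= OUT=eth0 SRC=10.0.5.20 DST=169.254.169.254 PROTO=TCP DPT=80', // metadata service
    'kernel: [UFW AUDIT] IN= OUT=eth0 SRC=10.0.5.20 DST=10.0.8.15 PROTO=TCP DPT=8080',     // internal API
    'kernel: [UFW AUDIT] IN=eth0 OUT= SRC=10.0.7.7 DST=10.0.5.20 PROTO=TCP DPT=80',         // inbound, other host
];
foreach (flag_ssrf_egress($sample) as $h) {
    echo "ALERT: CMS -> {$h['dst']}:{$h['port']}\n";   // expect the metadata and 10.0.8.15 lines only
}
```

The dependency allowlist is what makes this usable: a CMS host legitimately talks to its DNS resolver and database on private addresses, and without the exclusion every such packet would fire.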
