CVE-2022-31393
📋 TL;DR
Jizhicms v2.2.5 contains a Server-Side Request Forgery (SSRF) vulnerability in the PluginsController.php Index function. This allows attackers to make the server send unauthorized requests to internal systems. All administrators using the vulnerable version are affected.
💻 Affected Systems
- Jizhicms
📦 What is this software?
Jizhicms by Jizhicms
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access internal services, exfiltrate sensitive data, or pivot to attack other internal systems through the compromised server.
Likely Case
Attackers scan internal networks, access metadata services, or interact with internal APIs to gather information.
If Mitigated
With proper network segmentation and egress filtering, impact is limited to the server itself.
🎯 Exploit Status
Exploitation requires admin credentials. The vulnerability is well-documented in public GitHub issues.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.2.6 or later
Vendor Advisory: https://github.com/Cherry-toto/jizhicms/issues/76
Restart Required: No
Instructions:
1. Backup your current installation.
2. Download the latest version from the official repository.
3. Replace the vulnerable file app/admin/c/PluginsController.php with the patched version.
4. Verify the fix by testing the affected functionality.
🔧 Temporary Workarounds
Restrict Admin Panel Access
Limit access to the admin panel to trusted IP addresses only.
# Configure firewall rules to restrict access to admin panel
# Example: iptables -A INPUT -p tcp --dport [admin_port] -s [trusted_ip] -j ACCEPT
# iptables -A INPUT -p tcp --dport [admin_port] -j DROP
Disable Vulnerable Function
Temporarily disable or restrict the Index function in PluginsController.php.
# Add authentication check or disable the function
# Example: Add 'return false;' at the beginning of the vulnerable function
🧯 If You Can't Patch
- Implement strict network egress filtering to prevent the server from accessing internal systems.
- Monitor and log all outbound requests from the server to detect exploitation attempts.
🔍 How to Verify
Check if Vulnerable:
Check if your Jizhicms version is v2.2.5 by examining the version file or admin panel. Review app/admin/c/PluginsController.php for the vulnerable Index function.
Check Version:
cat /path/to/jizhicms/version.txt or check admin panel dashboard
Verify Fix Applied:
After patching, test the Index function with controlled SSRF payloads to ensure it no longer makes unauthorized requests.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from the server to internal IPs
- Multiple failed authentication attempts to admin panel followed by SSRF attempts
Network Indicators:
- Unexpected HTTP traffic from the server to internal services
- Requests to metadata services (169.254.169.254) or localhost
SIEM Query:
source="web_server_logs" AND (dest_ip IN (RFC1918, localhost, metadata_services)) AND user_agent="Jizhicms"
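The log and network indicators above can be checked offline against outbound-request logs. The following is an added example, not part of this advisory or of Jizhicms; the log line format (timestamp, host, method, URL, ua=...) is constructed for illustration, and only literal IP destinations plus the name "localhost" are classified, since hostnames are not resolved here.

```python
"""Flag outbound web-server requests to internal or sensitive destinations,
matching the SSRF indicators in the Detection & Monitoring section.
Example added to this advisory; the log format is constructed, not Jizhicms' own."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample lines: timestamp, source host, method, destination URL, user agent.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z web01 GET http://cdn.example.com/plugin.zip ua=Jizhicms
2024-01-01T10:00:05Z web01 GET http://169.254.169.254/latest/meta-data/ ua=Jizhicms
2024-01-01T10:00:07Z web01 GET http://127.0.0.1:8080/admin ua=Jizhicms
2024-01-01T10:00:09Z web01 GET http://10.0.3.15/api/internal ua=Jizhicms
2024-01-01T10:00:12Z web01 GET http://localhost/ ua=curl/7.88
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+\S+\s+(?P<url>\S+)\s+ua=(?P<ua>.+)$")
# Host part of a URL: bracketed IPv6 literal, or everything up to the first '/' or ':'.
URL_HOST_RE = re.compile(r"^[a-z]+://(?P<host>\[[^\]]+\]|[^/:]+)")
METADATA_IP = ipaddress.ip_address("169.254.169.254")


def classify_destination(host: str) -> str:
    """Return a reason label if host is an internal destination, else ''."""
    h = host.strip("[]").lower()
    if h == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return ""  # a hostname: not resolved here, so not judged
    if ip == METADATA_IP:
        return "metadata-service"  # cloud instance metadata endpoint
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:  # checked before is_private, which also covers 169.254.0.0/16
        return "link-local"
    if ip.is_private:  # RFC 1918 ranges and other non-public space
        return "private-range"
    return ""


def find_ssrf_indicators(log_text: str, user_agent: str = "Jizhicms") -> List[Dict[str, str]]:
    """Return one record per request from the given user agent to an internal destination."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or user_agent not in m["ua"]:
            continue
        hm = URL_HOST_RE.match(m["url"])
        reason = classify_destination(hm["host"]) if hm else ""
        if reason:
            hits.append({"ts": m["ts"], "dest": hm["host"].strip("[]"), "reason": reason})
    return hits
```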