Login Sign Up

CVE-2024-7740

7.3 HIGH
SSRF

📋 TL;DR

This critical vulnerability in wanglongcn ltcms 1.0.20 allows attackers to perform server-side request forgery (SSRF) through the /api/test/download endpoint. Attackers can manipulate the 'url' parameter to make the server send requests to internal systems, potentially accessing sensitive data or services. Organizations using ltcms 1.0.20 are affected.

💻 Affected Systems

Products:
  • wanglongcn ltcms
Versions: 1.0.20
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable /api/test/download endpoint appears to be part of the default installation.

📦 What is this software?

Ltcms by Ltcms

View all CVEs affecting Ltcms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal services, exfiltrate sensitive data, perform port scanning of internal networks, or chain with other vulnerabilities to achieve remote code execution.

🟠

Likely Case

Attackers will use SSRF to access internal APIs, cloud metadata services, or internal administrative interfaces to steal credentials and sensitive data.

🟢

If Mitigated

With proper network segmentation and egress filtering, impact is limited to information disclosure from accessible internal services.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub, making this easy to weaponize. The vulnerability requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: none

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading to a different CMS if available.

🔧 Temporary Workarounds

Block vulnerable endpoint

all

Use web server configuration to block access to /api/test/download endpoint

# For Apache: RewriteRule ^/api/test/download - [F]
# For Nginx: location /api/test/download { deny all; }

Input validation filter

all

Implement input validation to restrict URL parameter to allowed domains only

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit what internal services the server can access
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if /api/test/download endpoint exists and accepts 'url' parameter. Test with controlled external service to confirm SSRF.

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Verify /api/test/download endpoint is blocked or returns error when accessed. Test SSRF attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /api/test/download with external URLs
  • Outbound requests from server to unexpected internal IPs

Network Indicators:

  • Server making requests to internal services not normally accessed
  • Port scanning patterns from server IP

SIEM Query:

source_ip=webserver AND (uri_path="/api/test/download" OR dest_ip IN internal_subnets)

📊 Metadata

CVE ID: CVE-2024-7740
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-918
Published: August 13, 2024
Last Updated: August 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7740, you might also want to check these:

CVE-2023-3432 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to ...

Same vulnerability type (CWE-918)
CVE-2025-2828 10.0

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allow...

Same vulnerability type (CWE-918)
CVE-2023-43654 10.0

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lac...

Same vulnerability type (CWE-918)