2 matches found
CVE-2025-61768
KUNO CMS prior to 1.3.15 is affected by an SSRF in the Media module via uploading specially crafted SVGs with external image references. A logged‑in administrator can trigger an outgoing connection to an arbitrary URL, enabling information disclosure or internal network probing. The issue is fixe...
CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF Server-Side Request Forgery vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...