dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery_CVE-2025-14004

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-14004

Source VulDB

Published Dec 4, 2025 at 13:32

Modified Dec 4, 2025 at 14:38

Affected Product

Vendor dayrui

Product XunRuiCMS

Version 4.7.0

Affected Versions dayrui XunRuiCMS 4.7.0
dayrui XunRuiCMS 4.7.1

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-04T13:32:06.141Z",
    "modified": "2025-12-04T14:38:17.655Z",
    "type": "cve",
    "title": "dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334246\nhttps://vuldb.com/?ctiid.334246\nhttps://vuldb.com/?submit.692907\nhttps://github.com/24-2021/vul/blob/main/xunruicms-email_test-SSRF/xunruicms-email_test-SSRF.md",
    "id": "CVE-2025-14004",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "dayrui XunRuiCMS 4.7.0\ndayrui XunRuiCMS 4.7.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "XunRuiCMS",
    "version": "4.7.0",
    "vendor": "dayrui",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}