CVE-2021-47958

MEDIUM CVSS 4.3 View on NVD ↗

Description

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

https://github.com/CouchCMS/CouchCMS
https://www.exploit-db.com/exploits/49675
https://www.vulncheck.com/advisories/couchcms-server-side-request-forgery-via-svg-upload

Published: May 15, 2026 19:16 UTC Modified: May 15, 2026 19:16 UTC