CNNVD-202602-1415 Information

CNNVD ID

CNNVD-202602-1415

CVE-2026-25870

  • CNNVD Published: 2026-02-10

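Description (translated from Chinese)

DoraCMS is an open-source application from DoraCMS: a content management system written with Nodejs + eggjs + mongodb. DoraCMS 3.1 and earlier versions contain a code issue vulnerability. It stems from server-side request forgery in the UEditor remote image fetch function and may lead to internal network scanning and denial of service.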

Description (English)

DoraCMS is an open-source application from DoraCMS, a content management system based on Nodejs + eggjs + mongodb. DoraCMS 3.1 and earlier versions contain a code issue vulnerability caused by server-side request forgery (SSRF) in the UEditor remote image fetch functionality, which may lead to internal network scanning and denial of service.

Hazard Level

High

Vulnerability Type

Code Issue

Affected Vendor

DoraCMS

Published

2026-02-10

Last Modified

2026-02-24

References

  • https://github.com/doramart/DoraCMS/issues/268
  • https://www.doracms.net/
  • https://www.vulncheck.com/advisories/doracms-ueditor-remote-image-fetch-ssrf
