JeeSite 5 SSRF & Arbitrary File Read Vulnerability

Version: JeeSite v5.11
Google Dork: N/A
Date: 05/21/2025
Tested on: Windows 11, Java 17, MySQL 8.0
Software Link: https://gitee.com/thinkgem/JeeSite5

Description:
A Server-Side Request Forgery (SSRF) and Arbitrary File Read vulnerability exists in JeeSite version 5.11.1 (Spring Boot 3) due to improper input validation of the parameter in the endpoint. This parameter is propagated through multiple layers and ultimately passed into the Spring ResourceLoader.getResource() method, which accepts multiple URI schemes such as file, http, classpath, etc. An attacker can exploit this chain to read local files or make arbitrary requests from the server.

Code Analysis:
The vulnerable parameter is passed from the controller layer without proper validation and directly used in the method . This value propagates through multiple layers and reaches , which allows loading arbitrary resources based on attacker-controlled input. If external protocols such as http or ftp are allowed, this may lead to Server-Side Request Forgery (SSRF) or arbitrary file access.

Payload Used:

Example Response:

The response shows the content of the file, indicating successful exploitation of the vulnerability.
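The following is an added illustration, not JeeSite's own code: a hypothetical TemplateLoader shows the unsafe pattern the advisory describes (a caller-supplied string handed straight to ResourceLoader.getResource(), so the caller picks the URI scheme) next to a hardened variant in which the application fixes the scheme and base directory and accepts only a validated leaf name. Class, method and directory names are assumptions chosen for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.util.StreamUtils;

// Hypothetical service: the unsafe pattern from the advisory beside a hardened form.
public class TemplateLoader {

    private final ResourceLoader resourceLoader;

    public TemplateLoader(ResourceLoader resourceLoader) {
        this.resourceLoader = resourceLoader;
    }

    // VULNERABLE: the caller-supplied string is used as a Spring resource location.
    // Spring derives the scheme from the string itself (file:, http:, classpath:, ...),
    // so whoever controls 'location' decides which resource the server reads.
    public String loadUnsafe(String location) throws IOException {
        Resource res = resourceLoader.getResource(location);
        try (InputStream in = res.getInputStream()) {
            return StreamUtils.copyToString(in, StandardCharsets.UTF_8);
        }
    }

    // Plain file names only: letters, digits, '_', '-', '.', no leading dot, bounded length.
    // ':' is rejected (no scheme can be injected) and '/' or '\' are rejected (no directory escape).
    private static final Pattern SAFE_NAME = Pattern.compile("^[A-Za-z0-9_-][A-Za-z0-9_.-]{0,99}$");
    private static final String BASE = "templates/";   // assumed base directory on the classpath

    // HARDENED: the scheme (classpath) and base directory are fixed by the application;
    // the caller contributes nothing but a validated leaf name.
    public String loadSafe(String name) throws IOException {
        if (name == null || !SAFE_NAME.matcher(name).matches() || name.contains("..")) {
            throw new IllegalArgumentException("invalid template name");
        }
        Resource res = new ClassPathResource(BASE + name);
        if (!res.exists()) {
            throw new IllegalArgumentException("unknown template");
        }
        try (InputStream in = res.getInputStream()) {
            return StreamUtils.copyToString(in, StandardCharsets.UTF_8);
        }
    }
}
```

For detection, any request parameter that reaches a resource loader carrying a scheme prefix (file:, http:, ftp:) is the signal to alert on; the hardened path makes such values fail validation before a resource is ever resolved.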