Critical Vulnerability Information

1. Vulnerability Overview

Type: Server-Side Request Forgery (SSRF), reached through XML External Entity (XXE) injection.
Affected Systems: Specific versions of the MetInfo Content Management System (CMS).
Impact: An attacker who submits crafted XML containing a malicious external entity can force the server to make HTTP requests to arbitrary internal or external network addresses, potentially enabling internal network reconnaissance, port scanning, or disclosure of sensitive information.

2. Affected Products and Versions

Product Name: MetInfo
Versions: < 8.1

3. Vulnerability Types

CWE-611: Improper Restriction of XML External Entity Reference (XXE)
CWE-918: Server-Side Request Forgery (SSRF)

4. Technical Details and Exploitation Steps

Vulnerable Component: Components that accept and parse XML data without disabling external entity resolution.
Potential Vulnerable Endpoint: Backend API call paths possibly related to , which process user-supplied XML data.

Proof of Concept (PoC):
- Set up a listener: the attacker starts a Netcat listener on port 2333 of a server they control.
- Craft the malicious XXE payload: the XML includes an external entity whose URL points at the listener address.
- Send the malicious request: submit the XML payload to the vulnerable XML processing interface in MetInfo.
- Verify exploitation: a successful SSRF is confirmed by the incoming connection logged by the listener.

5. Recommended Remediation Measures

Disable External Entities: When processing XML data, ensure the parser is configured so that external entities are not resolved (e.g., leave the LIBXML_NOENT and LIBXML_DTDLOAD options disabled).
Use Secure XML Parsers: Employ libraries or configurations that do not support external entity resolution, or that disable it by default.
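The remediation above, shown as a worked example in PHP (MetInfo's language). This is added illustration code, not MetInfo's own code: the function name parse_untrusted_xml, the listener hostname listener.example and the sample documents are all constructed for the example.

```php
<?php
// Added example (not MetInfo code): parse untrusted XML so that an XXE
// payload cannot be turned into an SSRF against internal hosts.

// Weak configuration: LIBXML_NOENT substitutes entities and LIBXML_DTDLOAD
// loads external DTDs, so a SYSTEM entity makes the server fetch its URL.
const WEAK_FLAGS = LIBXML_NOENT | LIBXML_DTDLOAD;

// Hardened configuration: no entity substitution, no DTD loading, and
// LIBXML_NONET forbids any network access during parsing as a second layer.
const SAFE_FLAGS = LIBXML_NONET;

// Returns the parsed document, or null if the input is rejected or malformed.
function parse_untrusted_xml(string $xml): ?DOMDocument
{
    // First layer: a DOCTYPE is the only place an entity can be declared, and
    // user-submitted content never needs one, so reject it outright. This is a
    // byte-level check; the parser flags below remain the real control.
    if (preg_match('/<!DOCTYPE/', $xml) === 1) {
        return null;
    }

    // On PHP < 8.0 the external entity loader must be switched off explicitly;
    // PHP 8 with libxml2 >= 2.9 disables it by default and deprecates the call.
    if (PHP_VERSION_ID < 80000 && function_exists('libxml_disable_entity_loader')) {
        libxml_disable_entity_loader(true);
    }

    libxml_use_internal_errors(true);      // collect parse errors, do not emit them
    $doc = new DOMDocument();
    $ok  = $doc->loadXML($xml, SAFE_FLAGS); // deliberately no NOENT / DTDLOAD
    libxml_clear_errors();

    return $ok ? $doc : null;
}

// Constructed sample inputs: one benign post and one carrying an external
// entity that points at a placeholder listener, as described in the advisory.
$benign = '<?xml version="1.0"?><post><title>hello</title></post>';
$xxe    = '<?xml version="1.0"?>'
        . '<!DOCTYPE post [<!ENTITY x SYSTEM "http://listener.example:2333/">]>'
        . '<post><title>&x;</title></post>';

// The hardened parser keeps the benign document and discards the XXE one.
printf("benign accepted: %s\n", parse_untrusted_xml($benign) !== null ? 'yes' : 'no');
printf("xxe rejected:    %s\n", parse_untrusted_xml($xxe) === null ? 'yes' : 'no');
```

Passing WEAK_FLAGS to loadXML instead is the configuration the advisory describes; with it, the parser would try to fetch the entity URL while parsing.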