关键漏洞信息 Title: Zentao PMS <=21.7.6-85642 SSRF Description: An attacker can construct a malicious base parameter. By making the server send HTTP requests, the attacker can perform internal network discovery, port scanning, and other attacks. Because different port services return different error messages and response times, an attacker can determine whether internal ports are open by analysing response differences, creating a serious security risk. Source: https://github.com/ez-lbz/ez-lbz.github.io/issues/2 Submitter: ez-lbz (UID 87033) Submission Date: 11/07/2025 03:18 AM Moderation Date: 11/29/2025 09:29 PM Status: Accepted VulDB Entry: 233793 (ZenTao up to 21.7.6-8564 module/ai/model.php makeRequest Base server-side request forgery) Points: 19