从该网页截图中,我们可以提取到以下关于漏洞的关键信息: Overview Title: xunruicms-test_site_domain-SSRF Description: The XunRui CMS system is affected by an SSRF (Server-Side Request Forgery) vulnerability that allows an attacker to exploit it in the Settings -> Domain Binding -> Project Domain -> Change -> Test path. Proof of Concept (POC) The vulnerability appears when changing domain settings and attempting to enter test data, which leads to an SSRF condition. Technical Details Request Headers: - - - and other headers typical for a modern browser. Vulnerable Column/Field: The field for changing the domain under "Project Domain". The POC shows that exploiting this requires inputting a malicious dynamic domain provided by a DNSLog platform. Impact SSRF Impact: Allows an attacker to make the server send requests to arbitrary URLs, potentially leading to information leakage, intranet probing, or other security issues. Affected Versions The affected version of the CMS under test is . The specific releases listed suggest that at least the Laravel, ThinkPHP, and CodeIgniter packages of XunRui CMS v4.7.1 are affected. Conclusion This screenshot indicates that the XunRui CMS system, versions 4.7.1 of the mentioned frameworks, is susceptible to SSRF, with details on how to exploit it through domain setting changes and how it can be tested. This POC should serve as a guideline for updating the CMS and reminding of the need to secure similar input fields against injection vulnerabilities.