Key vulnerability information

Title: ZenTao PMS <=21.7.6-85642 SSRF

Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the Webhook module of ZenTao CMS. It allows authenticated administrators to read arbitrary files from the server's local filesystem. The cause is insufficient URL validation when configuring webhook URLs, particularly the lack of protocol filtering for the scheme. Responses to file protocol requests are stored and displayed in the webhook logs, enabling retrieval of sensitive file contents.

Source: https://github.com/ez-lbz/ez-lbz.github.io/issues/5
Submitter: ez-lbz (UID 87033)
Submission: 01/20/2026 10:29 AM
Moderation: 02/04/2026 03:17 PM
Status: Accepted
VulDB Entry: 344264 [ZenTao up to 21.7.6-85642 Webhook module/webhook/model.php fetchHook server-side request forgery]
Points: 20
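
One way to enforce the scheme filtering that the description says is missing, as an added PHP example that is not ZenTao's code or its fix. The function names, the cURL-based sender and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not ZenTao code): only http and https webhook targets are accepted.
const ALLOWED_WEBHOOK_SCHEMES = ['http', 'https'];

/** Validate a webhook URL when it is configured; returns the trimmed URL or throws. */
function validateWebhookUrl(string $url): string
{
    $url   = trim($url);
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])) {
        throw new InvalidArgumentException('Webhook URL must be absolute');
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ALLOWED_WEBHOOK_SCHEMES, true)) {
        throw new InvalidArgumentException("Scheme '$scheme' is not allowed for webhooks");
    }
    if (empty($parts['host'])) {
        throw new InvalidArgumentException('Webhook URL must contain a host');
    }
    return $url;
}

/** Send the payload; the transport is pinned to http/https as a second layer, redirects included. */
function sendWebhook(string $url, string $payload): string
{
    $ch = curl_init(validateWebhookUrl($url)); // re-validate at send time, not only on save
    curl_setopt_array($ch, [
        CURLOPT_POST            => true,
        CURLOPT_POSTFIELDS      => $payload,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_TIMEOUT         => 10,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Webhook request failed: ' . curl_error($ch));
    }
    return $body;
}

// Constructed sample inputs; only validation runs here, no request is sent.
foreach (['https://hooks.example.com/notify', 'file:///tmp/constructed-example.txt', 'FILE:/tmp/x'] as $candidate) {
    try {
        echo 'accepted: ', validateWebhookUrl($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $candidate, ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The scheme allowlist only closes the local-file read described here; it does not by itself stop http(s) requests to internal hosts.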