Affected product: GetSimpleCMS CE

Version: 3.3.19

First, go to the backend management page, click the Plugins button, then click ‘Download more plugins’.


The ‘Download’ function on this page is vulnerable to SSRF.


Start Python’s HTTP server, then change the ‘filename’ parameter.


SSRF confirmed.
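As an added example that is not part of this report or of GetSimpleCMS’s own code: the naive pattern behind this class of bug beside a hardened check for the ‘filename’ parameter, written in Python as a stand-alone illustration (GetSimpleCMS itself is PHP). The trusted repository base URL, the allowed archive extension and the sample inputs are assumptions constructed for the example.

```python
import re
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Assumed for this example: the only origin plugin archives may be fetched from.
TRUSTED_PLUGIN_BASE = "https://plugins.example.invalid/archives/"
ALLOWED_EXTENSIONS = (".zip",)
# A bare archive name: alphanumerics, dot, dash, underscore; no separators, no scheme.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def naive_download_url(filename: str) -> str:
    """The SSRF-prone pattern: whatever the client sends in 'filename' is what gets fetched."""
    return filename


def validate_plugin_filename(filename: str) -> Optional[str]:
    """Return None if 'filename' is a safe bare archive name, else the reason it is rejected."""
    parts = urlsplit(filename)
    if parts.scheme or parts.netloc:
        return "absolute or scheme-relative URL not allowed"
    if "/" in filename or "\\" in filename:
        return "path separators not allowed"
    if ".." in filename:
        return "path traversal not allowed"
    if not SAFE_NAME.fullmatch(filename):
        return "filename contains disallowed characters"
    if not filename.lower().endswith(ALLOWED_EXTENSIONS):
        return "unexpected archive extension"
    return None


def build_download_url(filename: str) -> str:
    """Hardened version: the server, not the client, decides which host is contacted."""
    reason = validate_plugin_filename(filename)
    if reason is not None:
        raise ValueError(f"rejected filename {filename!r}: {reason}")
    url = urljoin(TRUSTED_PLUGIN_BASE, filename)
    # Defence in depth: the resolved URL must still sit under the trusted base.
    if not url.startswith(TRUSTED_PLUGIN_BASE):
        raise ValueError("resolved URL left the trusted base")
    return url


if __name__ == "__main__":
    # Constructed inputs: a benign name and the report's scenario (a local Python HTTP server).
    for candidate in ("hello-world_1.2.zip", "http://127.0.0.1:8000/x.zip", "//127.0.0.1:8000/x.zip"):
        print(candidate, "->", validate_plugin_filename(candidate) or build_download_url(candidate))
```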