VYPR
Medium severity4.3NVD Advisory· Published May 15, 2026· Updated May 18, 2026

CVE-2021-47958

CVE-2021-47958

Description

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Couchcms/Couchcmsreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 2.2.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.