CVE-2021-47958

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published May 15, 2026

Vendor unknown

Description

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.

References

https://github.com/CouchCMS/CouchCMS
https://www.exploit-db.com/exploits/49675
https://www.vulncheck.com/advisories/couchcms-server-side-request-forgery-via-svg-upload