PatchSiren cyber security CVE debrief

CVE-2017-5518 Metalgenix CVE debrief

CVE-2017-5518 describes a server-side request forgery (SSRF) weakness in the GeniXCMS media-file upload feature affecting versions through 0.0.8. The issue can let a remote attacker submit a URL that causes the application to make unexpected server-side requests, including toward intranet addresses. NVD assigns CWE-918 and a HIGH severity score (CVSS 3.0: 7.4), reflecting the potential for impact beyond the application boundary.

Vendor: Metalgenix
Product: CVE-2017-5518
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-17
Original CVE updated: 2026-05-13
Advisory published: 2017-01-17
Advisory updated: 2026-05-13

Who should care

Administrators, developers, and security teams running GeniXCMS through 0.0.8 should treat this as high priority, especially if the media-upload workflow accepts user-controlled URLs or can reach internal network resources.

Technical summary

The vulnerable feature is the media-file upload path, which accepts a URL and may fetch it server-side. NVD classifies the weakness as CWE-918 (SSRF) with vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N. Read component by component, that vector says the flaw is reachable over the network without authentication (AV:N, PR:N), needs some user interaction (UI:R), and has a changed scope (S:C), meaning the vulnerable server can be induced to interact with internal or adjacent systems outside its own security boundary, with the rated impact falling on integrity (I:H).

Defensive priority

High. SSRF in a web-facing upload path can expose internal services, metadata endpoints, or network-only resources even without direct authentication.

Recommended defensive actions

  • Identify any GeniXCMS deployment at version 0.0.8 or earlier and assume the media-upload URL path is exposed until verified otherwise.
  • Restrict or disable remote URL fetching in the media upload feature if it is not required.
  • Enforce strict allowlists for outbound destinations and block private, loopback, link-local, and other reserved address ranges.
  • Limit acceptable URL schemes and reject non-HTTP(S) inputs if the feature must remain enabled.
  • Apply the project fix or remediation referenced in the linked issue tracker before re-enabling URL-based media ingestion.
  • Monitor outbound requests from the application and review logs for requests targeting internal or unusual network locations.
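The scheme, allowlist and address-range checks from the list above, as an added Python example (not GeniXCMS or PatchSiren code). The function names, the optional `allowed_hosts` parameter and the injectable `resolve` hook are assumptions made for illustration; the resolver is injectable so the checks can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical pre-fetch validator for URL-based media import, added as an
# example (not GeniXCMS code). It applies the actions above: scheme allowlist,
# optional destination allowlist, and rejection of non-public addresses.
ALLOWED_SCHEMES = {"http", "https"}

def _resolve(host):
    """Return every address the name maps to (A and AAAA), as strings."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_address(ip_str):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_str)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for private, loopback, link-local and reserved ranges.
    return ip.is_global and not ip.is_multicast

def check_media_url(url, allowed_hosts=None, resolve=_resolve):
    """Return (ok, reason). `resolve` is injectable so tests run offline."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        return False, "host not in allowlist"
    try:  # IP literals are checked directly; names are resolved first so the
        ipaddress.ip_address(host)  # decision covers the addresses contacted.
        addrs = {host}
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            return False, "name resolution failed"
    if not addrs:
        return False, "name resolves to no addresses"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"destination {addr} is not a public address"
    # Fetcher must connect to exactly these addresses and re-check on redirects.
    return True, "ok"
```

The check is only as good as the connection that follows it: the downloader should connect to the validated addresses rather than re-resolving the name, and any HTTP redirect must be passed back through the same function before it is followed.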

Evidence notes

The CVE record and NVD detail both identify GeniXCMS through 0.0.8 as vulnerable and classify the weakness as CWE-918. The supplied references include a SecurityFocus BID entry and a GitHub issue tagged with exploit, issue tracking, and patch, which supports remediation context without adding unsupported details.

Official resources

CVE published on 2017-01-17. The supplied NVD source metadata was later modified on 2026-05-13, but that is not the original issue date.