MEDIUM
CouchCMS
CVE published 2026-05-15
CVE-2021-47958
CVE-2021-47958 describes a server-side request forgery (SSRF) issue in CouchCMS 2.2.1. According to the supplied record, an authenticated attacker can upload a malicious SVG through the browse.php endpoint and use external entity references to make arbitrary HTTP requests from the server. That can expose internal services or other resources reachable only from the application host.