CVE-2022-40357

Description

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.

References

ExploitIssue TrackingThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics