PT-2023-23747 · Mccms · Mccms

P0Ison · Published 2023-06-14 · Updated 2024-05-17 · CVE-2023-3236

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mccms versions up to 2.6.5

Description

A critical issue has been found, affecting the pic save function of the file sys/apps/controllers/admin/Comic.php. The manipulation of the pic argument leads to server-side request forgery, which can be initiated remotely.

Recommendations

For versions up to 2.6.5, consider disabling the pic save function of the Comic.php file until a patch is available. Restrict access to the sys/apps/controllers/admin/Comic.php file to minimize the risk of exploitation. Avoid using the pic argument in the affected function until the issue is resolved.

Exploit

Fix

SSRF

Weakness Enumeration

Related identifiers

CVE-2023-3236

Affected products

Mccms