CVE-2022-40357

Name of the Vulnerable Software and Affected Versions Z-BlogPHP versions prior to 1.7.3

Description A security issue was discovered that allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter, due to a Server-Side Request Forgery (SSRF) vulnerability in the zb users/plugin/UEditor/php/action crawler.php file.

Recommendations For versions prior to 1.7.3, update to version 1.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable file action crawler.php to minimize the risk of exploitation. Avoid using the source parameter in the affected API endpoint until the issue is resolved.