PT-2023-23747 · Mccms · Mccms
P0Ison · Published 2023-06-14 · Updated 2024-05-17 · CVE-2023-3236
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
mccms versions up to 2.6.5
Description
A critical issue has been found, affecting the pic save function of the file sys/apps/controllers/admin/Comic.php. The manipulation of the pic argument leads to server-side request forgery, which can be initiated remotely.
Recommendations
For versions up to 2.6.5, consider disabling the pic save function of the Comic.php file until a patch is available. Restrict access to the sys/apps/controllers/admin/Comic.php file to minimize the risk of exploitation. Avoid using the pic argument in the affected function until the issue is resolved.
Exploit
Fix
SSRF
Affected Products
Mccms