Arbitrary Request Injection Vulnerability in Z-BlogPHP <= 1.7.2

CVE-2022-40357 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.
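
A destination check of the kind that mitigates this class of SSRF, shown as an added example (it is not Z-BlogPHP or UEditor code, and not the vendor's fix): it vets a URL, such as one supplied in the source parameter, before the server fetches it. The function names, the port policy and the injectable resolver are assumptions made for illustration, and Python is used here although the affected plugin is PHP.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumption: default web ports only


def resolve_all(host):
    """Every address the name resolves to, via the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_source_url(url, resolver=resolve_all):
    """Vet a user-supplied fetch target. Returns (ok, reason, vetted_ips).

    The fetcher should connect to one of vetted_ips rather than resolve the
    name again, so the address that was checked is the address that is used.
    """
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL", []
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_PORTS:
        return False, "scheme not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    if port is not None and port != ALLOWED_PORTS[scheme]:
        return False, "port not allowed", []
    try:
        ips = [str(ipaddress.ip_address(host))]  # host is already an IP literal
    except ValueError:
        try:
            ips = resolver(host)
        except OSError:
            return False, "host does not resolve", []
    if not ips:
        return False, "host does not resolve", []
    for ip in ips:
        addr = ipaddress.ip_address(ip.split("%")[0])  # drop any IPv6 zone id
        addr = getattr(addr, "ipv4_mapped", None) or addr  # unwrap ::ffff:a.b.c.d
        if not addr.is_global:  # loopback, private, link-local, reserved ranges
            return False, f"non-public address {addr}", []
    return True, "ok", ips
```

Every resolved address must pass, so a name that returns one public and one internal address is rejected as a whole. Redirects returned by the remote server need the same check applied to each hop.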
