Vulnerability Details CVE-2022-40357
A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.6%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2022-40357
- cpe:2.3:a:zblogcn:z-blogphp:1.5
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-2
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-3
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-4
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-5
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-6
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-7
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-8
- cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1626
- cpe:2.3:a:zblogcn:z-blogphp:1.5.1
- cpe:2.3:a:zblogcn:z-blogphp:1.5.1.1740
- cpe:2.3:a:zblogcn:z-blogphp:1.5.2
- cpe:2.3:a:zblogcn:z-blogphp:1.5.2.1935
- cpe:2.3:a:zblogcn:z-blogphp:1.5.2.1935(zero)
- cpe:2.3:a:zblogcn:z-blogphp:1.6.0
- cpe:2.3:a:zblogcn:z-blogphp:1.6.1
- cpe:2.3:a:zblogcn:z-blogphp:1.6.1.2100
- cpe:2.3:a:zblogcn:z-blogphp:1.7.2