CVE-2023-3236: mccms Comic.php pic_save server-side request forgery
First published: Wed Jun 14 2023(Updated: )
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chshcms Mccms | <=2.6.5 | |
| <=2.6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-3236?
The severity of CVE-2023-3236 is high with a score of 8.8.
How does CVE-2023-3236 affect mccms?
CVE-2023-3236 affects mccms up to version 2.6.5.
What is the vulnerability in mccms related to CVE-2023-3236?
CVE-2023-3236 is a server-side request forgery vulnerability related to the 'pic_save' function in 'sys/apps/controllers/admin/Comic.php'.
Can CVE-2023-3236 be exploited remotely?
Yes, CVE-2023-3236 can be exploited remotely.
Are there any fixes available for CVE-2023-3236?
Please refer to the references provided for information on available fixes for CVE-2023-3236.
- collector/nvd-index
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/title
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- vendor/chshcms
- canonical/chshcms mccms
- version/chshcms mccms/2.6.5