Vulnerabilities > CVE-2023-42398 - Server-Side Request Forgery (SSRF) vulnerability in Zzcms 2023

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zzcms

CWE-918

critical

NVD

Published: 2023-09-15

Updated: 2023-09-20

Summary

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.

Vulnerable Configurations

Part	Description	Count
Application	Zzcms Zzcms Zzcms 2023	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/laterfuture/php-audit/blob/main/CVE-2023-42398%E2%80%94%E2%80%94ZZCMS2023%20SSRF