CVE-2023-3236

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 14, 2023

Updated: May 17, 2024

Summary

CVE-2023-3236 is a recently disclosed critical vulnerability affecting mccms versions up to 2.6.5. The issue lies in the Comic.php file, specifically the pic_save function in the sys/apps/controllers/admin folder. An attacker can manipulate the "pic" argument to trigger a server-side request forgery, potentially leading to unauthorized actions. This vulnerability can be exploited remotely, and the exploit has been made public, increasing the risk of potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

MacOS

Affected Vendors

Apple

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rSKsNB
https://www.cve.org/CVERecord?id=CVE-2023-3236
https://nvd.nist.gov/vuln/detail/CVE-2023-3236

Back to Vulnerability Database