{"api_version":"1","generated_at":"2026-05-14T01:32:36+00:00","cve":"CVE-2023-3236","urls":{"html":"https://cve.report/CVE-2023-3236","api":"https://cve.report/api/cve/CVE-2023-3236.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3236","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3236"},"summary":{"title":"CVE-2023-3236","description":"A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-06-14 07:15:00","updated_at":"2023-11-07 04:18:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"https://vuldb.com/?id.231507","name":"https://vuldb.com/?id.231507","refsource":"MISC","tags":[],"title":"CVE-2023-3236: mccms Comic.php pic_save server-side request forgery","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/HuBenLab/HuBenVulList/blob/main/MCCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF)%202.md","name":"https://github.com/HuBenLab/HuBenVulList/blob/main/MCCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF)%202.md","refsource":"MISC","tags":[],"title":"HuBenVulList/MCCMS is vulnerable to Server-side request forgery (SSRF) 2.md at main · HuBenLab/HuBenVulList · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.231507","name":"https://vuldb.com/?ctiid.231507","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3236","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3236","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3236","vulnerable":"1","versionEndIncluding":"2.6.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"chshcms","cpe5":"mccms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3236","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507."},{"lang":"deu","value":"Es wurde eine Schwachstelle in mccms bis 2.6.5 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion pic_save der Datei sys/apps/controllers/admin/Comic.php. Dank Manipulation des Arguments pic mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-918 Server-Side Request Forgery","cweId":"CWE-918"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"mccms","version":{"version_data":[{"version_affected":"=","version_value":"2.6.0"},{"version_affected":"=","version_value":"2.6.1"},{"version_affected":"=","version_value":"2.6.2"},{"version_affected":"=","version_value":"2.6.3"},{"version_affected":"=","version_value":"2.6.4"},{"version_affected":"=","version_value":"2.6.5"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.231507","refsource":"MISC","name":"https://vuldb.com/?id.231507"},{"url":"https://vuldb.com/?ctiid.231507","refsource":"MISC","name":"https://vuldb.com/?ctiid.231507"},{"url":"https://github.com/HuBenLab/HuBenVulList/blob/main/MCCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF)%202.md","refsource":"MISC","name":"https://github.com/HuBenLab/HuBenVulList/blob/main/MCCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF)%202.md"}]},"credits":[{"lang":"en","value":"p0ison (VulDB User)"}],"impact":{"cvss":[{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}]}},"nvd":{"publishedDate":"2023-06-14 07:15:00","lastModifiedDate":"2023-11-07 04:18:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:chshcms:mccms:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}