{"id":"CVE-2022-40357","details":"A security issue was discovered in Z-BlogPHP \u003c= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.","modified":"2026-04-10T04:50:43.274731Z","published":"2022-09-20T21:15:11.247Z","references":[{"type":"REPORT","url":"https://github.com/zblogcn/zblogphp/issues/336"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zblogcn/zblogphp","events":[{"introduced":"0"},{"last_affected":"302e57b5703d92d2f43bbfe86a8d4080647a4ba9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.2"}]}}],"versions":["1.5.0.1525","1.5.0.1525-2","1.5.0.1525-4","1.5.0.1525-5","1.5.0.1525-6","1.5.0.1525-7","1.5.0.1525-8","1626","1740","v1.6.0","v1.6.1","v1.7.0","v1.7.0-2945","v1.7.0-beta","v1.7.1-2960","v1.7.2-3030"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40357.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}