← Retour aux CVEs
CVE-2017-12905
CRITICAL10.0
Description
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
Details CVE
Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie9/25/2017
Derniere modification4/20/2025
Sourcenvd
Observations honeypot0
Produits affectes
vebto:pixie_-_image_editor
Faiblesses (CWE)
CWE-918
References
http://seclists.org/fulldisclosure/2017/Sep/47(cve@mitre.org)
http://seclists.org/fulldisclosure/2017/Sep/47(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.