Vebto Pixie Image Editor 1.4/1.7 Launderer.php url server-side request forgery


A vulnerability classified as critical was found in Vebto Pixie Image Editor 1.4/1.7. It affects an unknown part of the file Launderer.php. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 09/26/2017 09:22 AM | 11/19/2019 03:10 PM |
|---|---|---|
| vendor | Vebto | Vebto |
| name | Pixie Image Editor | Pixie Image Editor |
| version | 1.4/1.7 | 1.4/1.7 |
| file | Launderer.php | Launderer.php |
| argument | url | url |
| input_type | Parameter | Parameter |
| cwe | 918 (privilege escalation) | 918 (privilege escalation) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 7.5 | 7.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 9.1 | 9.1 |
| cvss3_meta_tempscore | 9.1 | 9.1 |
| cvss3_vuldb_basescore | 8.3 | 8.3 |
| cvss3_vuldb_tempscore | 8.3 | 8.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | C | C |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | C | C |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| location | Full-Disclosure | Full-Disclosure |
| type | Mailinglist Post | Mailinglist Post |
| url | http://seclists.org/fulldisclosure/2017/Sep/47 | http://seclists.org/fulldisclosure/2017/Sep/47 |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2017-12905 | CVE-2017-12905 |
| cve_assigned | 1502928000 | 1502928000 |
| cve_nvd_published | 1506297600 | 1506297600 |
| cve_nvd_summary | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| 0day_days | 5 | 5 |
| cvss3_nvd_basescore | 10.0 | 10.0 |

discoverydate: 1505865600
