Vebto Pixie Image Editor 1.4/1.7 Launderer.php url server-side request forgery

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in Vebto Pixie Image Editor 1.4/1.7. This vulnerability affects an unknown part of the file Launderer.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	09/26/2017 09:22 AM	11/19/2019 03:10 PM
vendor	Vebto	Vebto
name	Pixie Image Editor	Pixie Image Editor
version	1.4/1.7	1.4/1.7
file	Launderer.php	Launderer.php
argument	url	url
input_type	Parameter	Parameter
cwe	918 (privilege escalation)	918 (privilege escalation)
risk	2	2
cvss2_vuldb_basescore	7.5	7.5
cvss2_vuldb_tempscore	7.5	7.5
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_nvd_av	N	N
cvss2_nvd_ac	L	L
cvss2_nvd_au	N	N
cvss2_nvd_ci	P	P
cvss2_nvd_ii	P	P
cvss2_nvd_ai	P	P
cvss3_meta_basescore	9.1	9.1
cvss3_meta_tempscore	9.1	9.1
cvss3_vuldb_basescore	8.3	8.3
cvss3_vuldb_tempscore	8.3	8.3
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	C	C
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_nvd_av	N	N
cvss3_nvd_ac	L	L
cvss3_nvd_pr	N	N
cvss3_nvd_ui	N	N
cvss3_nvd_s	C	C
cvss3_nvd_c	H	H
cvss3_nvd_i	H	H
cvss3_nvd_a	H	H
date	1506297600 (09/25/2017)	1506297600 (09/25/2017)
location	Full-Disclosure	Full-Disclosure
type	Mailinglist Post	Mailinglist Post
url	http://seclists.org/fulldisclosure/2017/Sep/47	http://seclists.org/fulldisclosure/2017/Sep/47
price_0day	$0-$5k	$0-$5k
cve	CVE-2017-12905	CVE-2017-12905
cve_assigned	1502928000	1502928000
cve_nvd_published	1506297600	1506297600
cve_nvd_summary	Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.	Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	ND	ND
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	X	X
cvss3_vuldb_rc	X	X
0day_days	5	5
cvss3_nvd_basescore	10.0	10.0
discoverydate		1505865600

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!