CVE-2017-20106 in Lithiuminfo

Summary

by MITRE • 06/28/2022

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

06/28/2022

Moderation

accepted

Entry

VDB-97265

CPE

ready

CWE

CWE-918 (confirmed)

Exploit

Download

CVSS

5.3 (VulDB)

EPSS

0.00108

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-20106
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-20106
CVE Details	https://www.cvedetails.com/cve/CVE-2017-20106/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!