CVE-2017-20106 in Lithiuminfo

Zusammenfassung

von MITRE • 28.06.2022

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulDB

Veröffentlichung

28.06.2022

Moderieren

akzeptiert

Eintrag

VDB-97265

CPE

bereit

CWE

CWE-918 (bestätigt)

Exploit

Download

CVSS

5.3 (VulDB)

EPSS

0.00108

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-20106
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-20106
CVE Details	https://www.cvedetails.com/cve/CVE-2017-20106/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!