Vulnerabilities > CVE-2017-12905 - Server-Side Request Forgery (SSRF) vulnerability in Vebto Pixie - Image Editor 1.4/1.7

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vebto

CWE-918

critical

NVD

Published: 2017-09-25

Updated: 2024-11-21

Summary

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

Vulnerable Configurations

Part	Description	Count
Application	Vebto Vebto Pixie Image Editor 1.4 Vebto Pixie Image Editor 1.7	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Packetstorm

data source	https://packetstormsecurity.com/files/download/144272/pixie-ssrf.txt
id	PACKETSTORM:144272
last seen	2017-09-24
published	2017-09-20
reporter	BeiJing Baimaohui Technology Co., LTD.
source	https://packetstormsecurity.com/files/144272/Pixie-Image-Editor-1.7-Server-Side-Request-Forgery.html
title	Pixie Image Editor 1.7 Server-Side Request Forgery

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References