Vulnerabilities > CVE-2017-12905 - Server-Side Request Forgery (SSRF) vulnerability in Vebto Pixie Image Editor 1.4/1.7

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

vebto

CWE-918

NVD

Published: 2017-09-25

Updated: 2017-10-06

Summary

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

Vulnerable Configurations

Part	Description	Count
Application	Vebto Vebto Pixie Image Editor 1.4 Vebto Pixie Image Editor 1.7	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Packetstorm

data source	https://packetstormsecurity.com/files/download/144272/pixie-ssrf.txt
id	PACKETSTORM:144272
last seen	2017-09-24
published	2017-09-20
reporter	BeiJing Baimaohui Technology Co., LTD.
source	https://packetstormsecurity.com/files/144272/Pixie-Image-Editor-1.7-Server-Side-Request-Forgery.html
title	Pixie Image Editor 1.7 Server-Side Request Forgery

References

http://seclists.org/fulldisclosure/2017/Sep/47