Vulnerabilities > CVE-2018-18753 - Server-Side Request Forgery (SSRF) vulnerability in Typecho 1.1

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
typecho
CWE-918
critical
NVD
Published: 2018-10-29
Updated: 2019-01-28

Summary

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.

Vulnerable Configurations

Part Description Count
Application
Typecho
1

Common Weakness Enumeration (CWE)

References