Vulnerabilities > CVE-2020-25788 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
tt-rss
CWE-829
NVD
Published: 2020-09-19
Updated: 2020-09-29

Summary

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.

Vulnerable Configurations

Part Description Count
Application
Tt-Rss
2

Common Weakness Enumeration (CWE)

References