PT-2018-9446 · Trovebox · Trovebox

Robin Verton

Publicado

2018-06-26

Atualizado

2019-10-03

CVE-2018-1000551

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trovebox versions prior to 4.0.0-rc6 (after commit 742b8edbe contains the fix)

Description The issue is related to a PHP Type juggling vulnerability in the album view component, which can lead to authentication bypass. This can be exploited via an HTTP request.

Recommendations For versions prior to 4.0.0-rc6, update to a version that includes the fix committed after 742b8edbe to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-1000551

Produtos afetados

Trovebox

PT-2018-9446 · Trovebox · Trovebox

CVE-2018-1000551

Identificadores relacionados

Produtos afetados

Referências · 3