PT-2007-5500 · Pixlie · Pixlie

Rizgar

Published

2007-08-13

Updated

2017-09-29

CVE-2007-4314

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pixlie version 1.7

Description The issue allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. This can be leveraged for traffic amplification or other denial of service.

Recommendations For Pixlie version 1.7, consider restricting access to the pixlie.php file or disabling the functionality that allows remote attackers to specify a URL in the root parameter until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4314

Affected Products

Pixlie

PT-2007-5500 · Pixlie · Pixlie

CVE-2007-4314

Related Identifiers

Affected Products

References · 2