PT-2018-9446 · Trovebox · Trovebox

Robin Verton

Published

2018-06-26

Updated

2019-10-03

CVE-2018-1000551

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trovebox versions prior to 4.0.0-rc6 (after commit 742b8edbe contains the fix)

Description The issue is related to a PHP Type juggling vulnerability in the album view component, which can lead to authentication bypass. This can be exploited via an HTTP request.

Recommendations For versions prior to 4.0.0-rc6, update to a version that includes the fix committed after 742b8edbe to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-1000551

Affected Products

Trovebox

PT-2018-9446 · Trovebox · Trovebox

CVE-2018-1000551

Related Identifiers

Affected Products

References · 3