PT-2020-14937 · Cellopoint · Cellopoint Cellos
Cyku Hong · Published 2020-08-25 · Updated 2025-05-08 · CVE-2020-17386
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cellopoint Cellos version 4.1.10 Build 20190922
Description
The issue concerns improper validation of URL input. An attacker can manipulate the URL parameter using the cookie of an authenticated user to access arbitrary files on the system.
Recommendations
For Cellopoint Cellos version 4.1.10 Build 20190922, consider restricting access to authenticated user cookies and validating all URL inputs to prevent unauthorized file access. As a temporary workaround, restrict the use of URL parameters that can be manipulated by attackers until a proper fix is applied.
Fix
SSRF
Affected Products
Cellopoint Cellos