PT-2020-16208 · Unknown · Tiny Tiny Rss
Published
2020-09-19
·
Updated
2025-12-22
·
CVE-2020-25788
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tiny Tiny RSS versions prior to 2020-09-16
Description
A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af proxy http/init.php file mishandles the
url variable in an error message.Recommendations
For versions prior to 2020-09-16, consider disabling the imgproxy function in the plugins/af proxy http/init.php file until a patch is available. Restrict access to the
url variable in the affected error message to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tiny Tiny Rss