| |
Vulnerability CVE-2017-14323
Published: 2018-04-10
| Description: |
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Jiawang Zhang | 08.04.2018 |
Type:
CWE-918
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.5/10 |
6.4/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://seclists.org/fulldisclosure/2018/Apr/16
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
