CVE-2017-12905

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1180%

EPSS Percentile13.30th

PublishedSep 25, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

Affected Platforms (CPE)

📦

Vebto

Pixie Image Editor

= 1.4

📦

Vebto

Pixie Image Editor

= 1.7

References & Advisories

🔗 http://seclists.org/fulldisclosure/2017/Sep/47

Related Vulnerabilities

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...

CVE-2017-332410.0

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcompone...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...