CyberSec.Space Logo
Back to CVE Browser

CVE-2017-12905

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile13.30th
PublishedSep 25, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

Affected Platforms (CPE)

📦
Vebto

Pixie Image Editor

= 1.4
📦
Vebto

Pixie Image Editor

= 1.7

References & Advisories

🔗 http://seclists.org/fulldisclosure/2017/Sep/47
🔗 http://seclists.org/fulldisclosure/2017/Sep/47

Related Vulnerabilities

CVE-2017-1013710.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that ar...

CVE-2017-1399510.0

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webser...

CVE-2017-792810.0

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gatewa...

CVE-2017-1040210.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report...