CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-16896

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0720%
EPSS Percentile10.65th
Published2017年11月20日
Last Modified2026年5月13日

Vulnerability Description

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

Affected Platforms (CPE)

📦
Tt Rss

Tiny Tiny Rss

= 17.4

References & Advisories

🔗 https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
🔗 https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815
🔗 https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
🔗 https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815

相关漏洞威胁

CVE-2020-257879.8

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.

CVE-2020-257888.1

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_R...

CVE-2021-283737.5

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a v...

CVE-2020-257896.1

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SV...