CVE-2017-16896
CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
Affected Platforms (CPE)
📦
Tt Rss
返回 CVE 瀏覽器
相關漏洞威脅
CVE-2020-257879.8
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
CVE-2020-257888.1
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_R...
CVE-2021-283737.5
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a v...
CVE-2020-257896.1
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SV...