CVE-2017-12905
CRITICALVebto Pixie Image Editor 1.4 and 1.7 - Server-Side Request Forgery via Launderer.php URL Parameter
Title source: llmDescription
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
References (1)
Core 1
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Sep/47
Scores
CVSS v3
10.0
EPSS
0.0264
EPSS Percentile
83.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (2)
vebto/pixie_-_image_editor
1.4
vebto/pixie_-_image_editor
1.7
Published
Sep 25, 2017
Tracked Since
Feb 18, 2026