CVE-2017-14323
CRITICAL
Onethink 1.0 and 1.1 - Server-Side Request Forgery via Ueditor getRemoteImage.php upfile Parameter
Title source: llm
Description
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.
References (1)
Core 1
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Apr/16
Scores
CVSS v3
9.8
EPSS
0.0448
EPSS Percentile
90.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (2)
onethink/onethink
1.0
onethink/onethink
1.1
Published
Apr 10, 2018
Tracked Since
Feb 18, 2026