CVE-2020-17386
MEDIUM
Cellopoint CelloOS v4.1.10 Build 20190922 - Server-Side Request Forgery via URL Parameter
Title source: llm
Description
Cellopoint CelloOS v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-3847-c62ca-1.html
Scores
CVSS v3
6.5
EPSS
0.0110
EPSS Percentile
61.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
cellopoint/cellos
4.1.10 build20190922
Published
Aug 25, 2020
Tracked Since
Feb 18, 2026