Описание
Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.0 (включая)
Одно из
cpe:2.3:a:trovebox:trovebox:*:*:*:*:*:*:*:*
cpe:2.3:a:trovebox:trovebox:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:trovebox:trovebox:4.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:trovebox:trovebox:4.0.0:rc6:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00432
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe.
EPSS
Процентиль: 62%
0.00432
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo