Vulnerability Details : CVE-2018-1000551
Trovebox versions <= 4.0.0-rc6 contain a PHP type juggling vulnerability in the album view component that can result in authentication bypass. This attack appears to be exploitable via an HTTP request. This vulnerability appears to have been fixed after commit 742b8edbe.
Products affected by CVE-2018-1000551
- cpe:2.3:a:trovebox:trovebox:*:*:*:*:*:*:*:*
- cpe:2.3:a:trovebox:trovebox:4.0.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:trovebox:trovebox:4.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:trovebox:trovebox:4.0.0:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000551
- 0.11%: Probability of exploitation activity in the next 30 days
- ~ 43 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000551
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2018-1000551
- https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html
  Trovebox - Authentication Bypass, SQLi, SSRF (Exploit; Third Party Advisory)