Server Side Request Forgery in Vebto Pixie Image Editor 1.4 and 1.7: Information Disclosure and Arbitrary Code Execution
CVE-2017-12905 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
Learn more about our Web Application Penetration Testing UK.