Server Side Request Forgery in Vebto Pixie Image Editor 1.4 and 1.7: Information Disclosure and Arbitrary Code Execution

Server Side Request Forgery in Vebto Pixie Image Editor 1.4 and 1.7: Information Disclosure and Arbitrary Code Execution

CVE-2017-12905 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

Learn more about our Web Application Penetration Testing UK.