Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe.
References
Link | Resource |
---|---|
https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html | Exploit Third Party Advisory |
https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html - Exploit, Third Party Advisory |
Information
Published : 2018-06-26 16:29
Updated : 2024-11-21 03:40
NVD link : CVE-2018-1000551
Mitre link : CVE-2018-1000551
CVE.ORG link : CVE-2018-1000551
JSON object : View
Products Affected
trovebox
- trovebox
CWE