Search criteria
4 vulnerabilities found for imageserve by imageserve_project
CVE-2017-20153 (GCVE-0-2017-20153)
Vulnerability from nvd – Published: 2022-12-30 11:44 – Updated: 2024-11-19 19:43
VLAI
Title
aerouk imageserve cross site scripting
Summary
A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217057 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217057 | signaturepermissions-required |
| https://github.com/aerouk/imageserve/pull/27 | exploitissue-tracking |
| https://github.com/aerouk/imageserve/commit/2ac3c… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aerouk | imageserve |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:26.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217057"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217057"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T20:09:24.874603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:43:18.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "imageserve",
"vendor": "aerouk",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In aerouk imageserve wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung. Mittels dem Manipulieren des Arguments REQUEST_URI mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2ac3cd4f90b4df66874fab171376ca26868604c4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T11:31:24.270Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217057"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217057"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T09:23:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "aerouk imageserve cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20153",
"datePublished": "2022-12-30T11:44:26.213Z",
"dateReserved": "2022-12-30T11:43:26.530Z",
"dateUpdated": "2024-11-19T19:43:18.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20152 (GCVE-0-2017-20152)
Vulnerability from nvd – Published: 2022-12-30 11:42 – Updated: 2024-08-05 21:45
VLAI
Title
aerouk imageserve File viewer.php path traversal
Summary
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056.
Severity
CWE
- CWE-22 - Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217056 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217056 | signaturepermissions-required |
| https://github.com/aerouk/imageserve/pull/27 | exploitissue-tracking |
| https://github.com/aerouk/imageserve/commit/bd23c… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aerouk | imageserve |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217056"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217056"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/commit/bd23c784f0e5cb12f66d15c100248449f87d72e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"File Handler"
],
"product": "imageserve",
"vendor": "aerouk",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in aerouk imageserve gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei public/viewer.php der Komponente File Handler. Durch Manipulation des Arguments filelocation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als bd23c784f0e5cb12f66d15c100248449f87d72e2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T11:30:11.027Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217056"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217056"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aerouk/imageserve/commit/bd23c784f0e5cb12f66d15c100248449f87d72e2"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T09:20:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "aerouk imageserve File viewer.php path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20152",
"datePublished": "2022-12-30T11:42:10.743Z",
"dateReserved": "2022-12-30T11:40:33.159Z",
"dateUpdated": "2024-08-05T21:45:25.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20153 (GCVE-0-2017-20153)
Vulnerability from cvelistv5 – Published: 2022-12-30 11:44 – Updated: 2024-11-19 19:43
VLAI
Title
aerouk imageserve cross site scripting
Summary
A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217057 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217057 | signaturepermissions-required |
| https://github.com/aerouk/imageserve/pull/27 | exploitissue-tracking |
| https://github.com/aerouk/imageserve/commit/2ac3c… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aerouk | imageserve |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:26.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217057"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217057"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T20:09:24.874603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:43:18.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "imageserve",
"vendor": "aerouk",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In aerouk imageserve wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung. Mittels dem Manipulieren des Arguments REQUEST_URI mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2ac3cd4f90b4df66874fab171376ca26868604c4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T11:31:24.270Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217057"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217057"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T09:23:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "aerouk imageserve cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20153",
"datePublished": "2022-12-30T11:44:26.213Z",
"dateReserved": "2022-12-30T11:43:26.530Z",
"dateUpdated": "2024-11-19T19:43:18.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20152 (GCVE-0-2017-20152)
Vulnerability from cvelistv5 – Published: 2022-12-30 11:42 – Updated: 2024-08-05 21:45
VLAI
Title
aerouk imageserve File viewer.php path traversal
Summary
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056.
Severity
CWE
- CWE-22 - Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217056 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217056 | signaturepermissions-required |
| https://github.com/aerouk/imageserve/pull/27 | exploitissue-tracking |
| https://github.com/aerouk/imageserve/commit/bd23c… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aerouk | imageserve |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217056"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217056"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/aerouk/imageserve/commit/bd23c784f0e5cb12f66d15c100248449f87d72e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"File Handler"
],
"product": "imageserve",
"vendor": "aerouk",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in aerouk imageserve gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei public/viewer.php der Komponente File Handler. Durch Manipulation des Arguments filelocation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als bd23c784f0e5cb12f66d15c100248449f87d72e2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T11:30:11.027Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217056"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217056"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/aerouk/imageserve/pull/27"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aerouk/imageserve/commit/bd23c784f0e5cb12f66d15c100248449f87d72e2"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T09:20:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "aerouk imageserve File viewer.php path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20152",
"datePublished": "2022-12-30T11:42:10.743Z",
"dateReserved": "2022-12-30T11:40:33.159Z",
"dateUpdated": "2024-08-05T21:45:25.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}