Overview
- Description
- Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trovebox:trovebox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78F6699A-A397-4D6A-970A-E7123622C5CF",
"versionEndIncluding": "3.0.0"
},
{
"criteria": "cpe:2.3:a:trovebox:trovebox:4.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD80BAFE-28C1-49F1-AE8C-0E0BC943AA67"
},
{
"criteria": "cpe:2.3:a:trovebox:trovebox:4.0.0:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A011E31-96B1-4979-A4C4-83639B024693"
},
{
"criteria": "cpe:2.3:a:trovebox:trovebox:4.0.0:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6946C75-E3BE-475C-B4BB-B41EFE5D86ED"
}
],
"operator": "OR"
}
]
}
]