CVE-2018-1000552

2018-06-2616:00:00

mitre

www.cve.org

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.

References

telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html