Authentication flaw

2018-06-2616:29:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.2%

JSON

Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe.

CPENameOperatorVersion
troveboxeq4.0.0 rc6
troveboxle3.0.0
troveboxeq4.0.0 rc5
troveboxeq4.0.0 rc2

Name	Operator	Version
trovebox	eq	4.0.0 rc6
trovebox	le	3.0.0
trovebox	eq	4.0.0 rc5
trovebox	eq	4.0.0 rc2

References

telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html