Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 20/11/2017 Updated: 05/12/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tt-rss tiny tiny rss 17.4

Debian Bug report logs - #882543 tt-rss: CVE-2017-16896: SQL injection in classes/handler/publicphp in the forgotpass component via login parameter Package: src:tt-rss; Maintainer for src:tt-rss is Sebastian Reichel <sre@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 23 Nov 2017 20:30:0 ...

CWE-89 https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815 https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882543 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-16896

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect